HEAD is now at e8936e9a Revert "nagios-plugins: fix CVE-2023-37154" martin@jama /OE/layers/meta-virtualization $ git am /home/messages/meta-virt/cur/1733934759.2224280_1.jama\:2\,S 1733934759.2224280_1.jama:2,S martin@jama /OE/layers/meta-virtualization $ git am /home/messages/meta-virt/cur/1733934759.2224280_1.jama\:2\,S Applying: nagios-plugins: fix CVE-2023-37154 .git/rebase-apply/patch:33: space before tab in indent. [path and arguments for invoking 'who']) .git/rebase-apply/patch:35: trailing whitespace. .git/rebase-apply/patch:47: space before tab in indent. [AS_HELP_STRING([--with-ipv6], [support IPv6 @<:@default=check@:>@])], .git/rebase-apply/patch:48: space before tab in indent. [], [with_ipv6=check]) .git/rebase-apply/patch:55: trailing whitespace. warning: squelched 9 whitespace errors warning: 14 lines add whitespace errors. martin@jama /OE/layers/meta-virtualization $ git show -1 --stat commit 9df3006ae7595bf90118e1569a1025b071907532 (HEAD) Author: Changqing Li Date: Thu Nov 28 11:07:17 2024 +0800 nagios-plugins: fix CVE-2023-37154 CVE-2023-37154: check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. Refer: https://nvd.nist.gov/vuln/detail/CVE-2023-37154 Signed-off-by: Changqing Li recipes-extended/nagios/nagios-plugins/CVE-2023-37154.patch | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ recipes-extended/nagios/nagios-plugins_2.2.1.bb | 1 + 2 files changed, 70 insertions(+)