File nagios-CVE-2013-2214.patch of Package nagios

Index: nagios/cgi/status.c
===================================================================
--- nagios.orig/cgi/status.c
+++ nagios/cgi/status.c
@@ -2547,6 +2547,10 @@ void show_servicegroup_overview(serviceg
 		if(temp_host == NULL)
 			continue;
 
+        /* make sure user has rights to view this host */
+        if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+            continue;
+
 		/* skip this if it isn't a new host... */
 		if(temp_host == last_host)
 			continue;
@@ -2752,6 +2756,10 @@ void show_servicegroup_host_totals_summa
 		if(temp_host == NULL)
 			continue;
 
+        /* make sure user has rights to view this host */
+        if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+            continue;
+
 		/* skip this if it isn't a new host... */
 		if(temp_host == last_host)
 			continue;
@@ -2931,6 +2939,10 @@ void show_servicegroup_service_totals_su
 		temp_service = find_service(temp_member->host_name, temp_member->service_description);
 		if(temp_service == NULL)
 			continue;
+ 
+        /* make sure user has rights to view this service */
+        if(is_authorized_for_service(temp_service, &current_authdata) == FALSE)
+            continue;
 
 		/* skip this if it isn't a new service... */
 		if(temp_service == last_service)
@@ -3290,6 +3302,10 @@ void show_servicegroup_grid(servicegroup
 		if(temp_host == NULL)
 			continue;
 
+        /* make sure user has rights to view this host */
+        if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+            continue;
+
 		/* get the status of the host */
 		temp_hoststatus = find_hoststatus(temp_host->name);
 		if(temp_hoststatus == NULL)