diff -u nagios-nrpe-2.15/debian/changelog nagios-nrpe-2.15/debian/changelog
--- nagios-nrpe-2.15/debian/changelog
+++ nagios-nrpe-2.15/debian/changelog
@@ -1,3 +1,23 @@
+nagios-nrpe (2.15-1ubuntu3) yakkety; urgency=medium
+
+ * debian/rules : Add "--enable-command-args". (LP: #1555258)
+ This update enables the command-args support in nrpe
+ by not ignoring option "dont_blame_nrpe=1". By default,
+ the option is set as follow : "dont_blame_nrpe=0", which
+ has the same effect of having the command-args support
+ disabled at compile time like Debian does. Ubuntu has decided
+ to deviate from Debian upstream for that particular case to
+ allow/unblock the Ubuntu users of nrpe to make the choice for
+ themselves whether to accept the security risks that the feature
+ involve by manually enabling command-args in nrpe.cfg or not.
+ For more details as of why Debian has decided to disable the
+ feature can be found in debian/NEWS. (closes: #756479)
+
+ * [5bf9b20] Add 10_remote_execution_exploit_fix.dpatch patch (LP: #1555258)
+ As requested by the security team.
+
+ -- Eric Desrochers Mon, 08 May 2017 08:01:10 -0400
+
 nagios-nrpe (2.15-1ubuntu2) yakkety; urgency=medium

 * Use dpkg-dev's hardening support instead of hardening-includes.
diff -u nagios-nrpe-2.15/debian/patches/00list nagios-nrpe-2.15/debian/patches/00list
--- nagios-nrpe-2.15/debian/patches/00list
+++ nagios-nrpe-2.15/debian/patches/00list
@@ -6,0 +7 @@
+10_remote_execution_exploit_fix.dpatch
diff -u nagios-nrpe-2.15/debian/rules nagios-nrpe-2.15/debian/rules
--- nagios-nrpe-2.15/debian/rules
+++ nagios-nrpe-2.15/debian/rules
@@ -24,5 +24,6 @@
 --localstatedir=/var \
 --libexecdir=/usr/lib/nagios/plugins \
- --libdir=/usr/lib/nagios
+ --libdir=/usr/lib/nagios \
+ --enable-command-args

 override_dh_auto_install:
only in patch2:
unchanged:
--- nagios-nrpe-2.15.orig/debian/patches/10_remote_execution_exploit_fix.dpatch
+++ nagios-nrpe-2.15/debian/patches/10_remote_execution_exploit_fix.dpatch
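Review bot: Building with `--enable-command-args` in the debian/rules hunk means a `dont_blame_nrpe=1` line that was previously ignored starts taking effect on upgrade, and nothing in this diff tells the administrator so. The changelog entry refers to debian/NEWS for Debian's reasons for disabling the feature, but no NEWS entry is added for the Ubuntu deviation. A host whose nrpe.cfg already carries that setting would therefore begin accepting client-supplied arguments silently (inferred from the changelog text; the config parsing is not part of this diff). I would add a debian/NEWS entry along the lines of `nrpe is now built with command-args support; check that dont_blame_nrpe in nrpe.cfg is 0 unless you intend to accept arguments from clients`.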
@@ -0,0 +1,23 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_remote_execution_exploit_fix.dpatch by Eric Desrochers
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Remote execution exploit fix.
+
+## Author: John C. Frickson
+## Origin: https://github.com/NagiosEnterprises/nrpe/commit/5bf9b2047f8e9a8609c3b95b2e655368765e4dd1
+## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+bug/1555258
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios-nrpe-2.15~/src/nrpe.c nagios-nrpe-2.15/src/nrpe.c
+--- nagios-nrpe-2.15~/src/nrpe.c 2017-05-08 08:02:36.000000000 -0400
++++ nagios-nrpe-2.15/src/nrpe.c 2017-05-08 08:03:15.330424439 -0400
+@@ -53,7 +53,7 @@
+
+ #define DEFAULT_COMMAND_TIMEOUT 60 /* default timeout for execution of plugins */
+ #define MAXFD 64
+-#define NASTY_METACHARS "|`&><'\"\\[]{};"
++#define NASTY_METACHARS "|`&><'\\[]{};\r\n"
+ #define howmany(x,y) (((x)+((y)-1))/(y))
+ #define MAX_LISTEN_SOCKS 16
+
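Review bot: The `## DP:` description says only "Remote execution exploit fix.", which does not tell a later maintainer what the one-line change to `NASTY_METACHARS` does. The new value adds `\r` and `\n` to the rejected set and also drops the double quote that the old value rejected. Since the same upload turns on command-args at build time, this list is presumably what screens client-supplied arguments (the code that uses the macro is outside the hunk), so the removal of `"` deserves an explicit rationale or a pointer to the upstream discussion. I would extend the header with something like `## DP: Reject CR/LF in client arguments; upstream also stops rejecting '"' (see Origin).`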