Package: mysql-server-5.0
Version: 5.0.30-1
Severity: serious
Justification: Policy 9.3.2

After upgrading mysql-server-5.0 the mysql server is running even if it was
not before the upgrade. See bug #316321 and #397446 for a patch used to
correct the same problem with apache.

This is dangerous as it can make people vulnerable without considering they
are running a SQL server (if they use a blank password, for instance).

Moreover, this package reinstalls /etc/rc*.d/*mysql* even if the user removed
them, which is a security risk too:

fakir:[archives]# ls /etc/rc*/*mysql*
ls: /etc/rc*/*mysql*: No such file or directory
fakir:[archives]# dpkg -i mysql-server-5.0_5.0.30-1_i386.deb
(Reading database ... 161354 files and directories currently installed.)
Preparing to replace mysql-server-5.0 5.0.30-1 (using mysql-server-5.0_5.0.30-1_i386.deb) ...
Stopping MySQL database server: mysqld.
Stopping MySQL database server: mysqld.
Unpacking replacement mysql-server-5.0 ...
Setting up mysql-server-5.0 (5.0.30-1) ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
fakir:[archives]# ls /etc/rc*/*mysql*
/etc/rc0.d/K20mysql-ndb      /etc/rc2.d/S19mysql          /etc/rc4.d/S19mysql          /etc/rc6.d/K20mysql-ndb
/etc/rc0.d/K21mysql          /etc/rc2.d/S19mysql-ndb-mgm  /etc/rc4.d/S19mysql-ndb-mgm  /etc/rc6.d/K21mysql
/etc/rc0.d/K21mysql-ndb-mgm  /etc/rc2.d/S20mysql-ndb      /etc/rc4.d/S20mysql-ndb      /etc/rc6.d/K21mysql-ndb-mgm
/etc/rc1.d/K20mysql-ndb      /etc/rc3.d/S19mysql          /etc/rc5.d/S19mysql
/etc/rc1.d/K21mysql          /etc/rc3.d/S19mysql-ndb-mgm  /etc/rc5.d/S19mysql-ndb-mgm
/etc/rc1.d/K21mysql-ndb-mgm  /etc/rc3.d/S20mysql-ndb      /etc/rc5.d/S20mysql-ndb

thanks for reading

geo

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages mysql-server-5.0 depends on:
ii  adduser                3.100        Add and remove users and groups
ii  debconf [debconf-2.0]  1.5.9        Debian configuration management sy
ii  libc6                  2.3.6.ds1-8  GNU C Library: Shared libraries
ii  libdbi-perl            1.53-1       Perl5 database interface by Tim Bu
ii  libgcc1                1:4.1.1-20   GCC support library
ii  libmysqlclient15off    5.0.30-1     mysql database client library
ii  libncurses5            5.5-5        Shared libraries for terminal hand
ii  libreadline5           5.2-1        GNU readline and history libraries
ii  libstdc++6             4.1.1-20     The GNU Standard C++ Library v3
ii  libwrap0               7.6.dbs-11   Wietse Venema's TCP wrappers libra
ii  lsb-base               3.1-22       Linux Standard Base 3.1 init scrip
ii  mysql-client-5.0       5.0.30-1     mysql database client binaries
ii  mysql-common           5.0.30-1     mysql database common files (e.g.
ii  passwd                 1:4.0.18.1-5 change and administer password and
ii  perl                   5.8.8-6.1    Larry Wall's Practical Extraction
ii  psmisc                 22.3-1       Utilities that use the proc filesy
ii  zlib1g                 1:1.2.3-13   compression library - runtime

Versions of packages mysql-server-5.0 recommends:
ii  mailx          1:8.1.2-0.20050715cvs-1   A simple mail user agent

-- debconf information:
  mysql-server-5.0/really_downgrade: false
* mysql-server-5.0/need_sarge_compat: false
  mysql-server-5.0/start_on_boot: true
  mysql-server/error_setting_password:
  mysql-server-5.0/nis_warning:
  mysql-server-5.0/postrm_remove_databases: false
  mysql-server-5.0/need_sarge_compat_done: true
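
Added example, not part of the original report or of the package: the before/after listing of /etc/rc*/*mysql* shown in the report, scripted so that an upgrade which re-creates removed init links is flagged. The function names and the RC_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: catch init links that a package upgrade re-created.
# RC_ROOT and the function names are assumptions of this example; RC_ROOT
# defaults to /etc and can point at a test tree instead.
RC_ROOT="${RC_ROOT:-/etc}"

# Print every rc?.d start/kill link matching a service pattern (e.g. 'mysql*').
rc_links() {
    for f in "$RC_ROOT"/rc?.d/[SK][0-9][0-9]$1; do
        # An unmatched glob stays literal; dangling symlinks still count.
        if [ -L "$f" ] || [ -e "$f" ]; then
            printf '%s\n' "$f"
        fi
    done | LC_ALL=C sort
}

# Print links present in the "after" snapshot but not in "before".
new_rc_links() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Return 0 if the upgrade added no links, 1 (and list them) if it did.
check_upgrade() {
    added=$(new_rc_links "$1" "$2")
    if [ -n "$added" ]; then
        printf 'init links created by the upgrade:\n%s\n' "$added" >&2
        return 1
    fi
    return 0
}

# Usage around an upgrade:
#   rc_links 'mysql*' > /tmp/rc.before
#   dpkg -i mysql-server-5.0_5.0.30-1_i386.deb
#   rc_links 'mysql*' > /tmp/rc.after
#   check_upgrade /tmp/rc.before /tmp/rc.after
```

A non-zero exit from check_upgrade on a host where the links had been removed corresponds to the second ls output in the report.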