Package: mysql-server-5.0
Version: 5.0.30-1
Severity: serious
Justification: Policy 9.3.2
After upgrading mysql-server-5.0, the MySQL server is running
even if it was not before the upgrade. See bugs #316321 and
#397446 for a patch used to correct the same problem with apache.
This is dangerous, as it can make people vulnerable without
considering that they are running an SQL server (if they use a blank
password, for instance).
Moreover, this package reinstalls /etc/rc*.d/*mysql* even if the
user removed them, which is a security risk too:
fakir:[archives]# ls /etc/rc*/*mysql*
ls: /etc/rc*/*mysql*: No such file or directory
fakir:[archives]# dpkg -i mysql-server-5.0_5.0.30-1_i386.deb
(Reading database ... 161354 files and directories currently installed.)
Preparing to replace mysql-server-5.0 5.0.30-1 (using
mysql-server-5.0_5.0.30-1_i386.deb) ...
Stopping MySQL database server: mysqld.
Stopping MySQL database server: mysqld.
Unpacking replacement mysql-server-5.0 ...
Setting up mysql-server-5.0 (5.0.30-1) ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
fakir:[archives]# ls /etc/rc*/*mysql*
/etc/rc0.d/K20mysql-ndb /etc/rc2.d/S19mysql /etc/rc4.d/S19mysql
/etc/rc6.d/K20mysql-ndb
/etc/rc0.d/K21mysql /etc/rc2.d/S19mysql-ndb-mgm
/etc/rc4.d/S19mysql-ndb-mgm /etc/rc6.d/K21mysql
/etc/rc0.d/K21mysql-ndb-mgm /etc/rc2.d/S20mysql-ndb
/etc/rc4.d/S20mysql-ndb /etc/rc6.d/K21mysql-ndb-mgm
/etc/rc1.d/K20mysql-ndb /etc/rc3.d/S19mysql /etc/rc5.d/S19mysql
/etc/rc1.d/K21mysql /etc/rc3.d/S19mysql-ndb-mgm
/etc/rc5.d/S19mysql-ndb-mgm
/etc/rc1.d/K21mysql-ndb-mgm /etc/rc3.d/S20mysql-ndb
/etc/rc5.d/S20mysql-ndb
thanks for reading
geo
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages mysql-server-5.0 depends on:
ii adduser 3.100 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.9 Debian configuration management sy
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libdbi-perl 1.53-1 Perl5 database interface by Tim Bu
ii libgcc1 1:4.1.1-20 GCC support library
ii libmysqlclient15off 5.0.30-1 mysql database client library
ii libncurses5 5.5-5 Shared libraries for terminal hand
ii libreadline5 5.2-1 GNU readline and history libraries
ii libstdc++6 4.1.1-20 The GNU Standard C++ Library v3
ii libwrap0 7.6.dbs-11 Wietse Venema's TCP wrappers libra
ii lsb-base 3.1-22 Linux Standard Base 3.1 init scrip
ii mysql-client-5.0 5.0.30-1 mysql database client binaries
ii mysql-common 5.0.30-1 mysql database common files (e.g.
ii passwd 1:4.0.18.1-5 change and administer password and
ii perl 5.8.8-6.1 Larry Wall's Practical Extraction
ii psmisc 22.3-1 Utilities that use the proc filesy
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages mysql-server-5.0 recommends:
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
-- debconf information:
mysql-server-5.0/really_downgrade: false
* mysql-server-5.0/need_sarge_compat: false
mysql-server-5.0/start_on_boot: true
mysql-server/error_setting_password:
mysql-server-5.0/nis_warning:
mysql-server-5.0/postrm_remove_databases: false
mysql-server-5.0/need_sarge_compat_done: true
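An added example, not part of the original report or of the mysql packaging: a way for an administrator to catch the behaviour shown in the transcript above by recording a service's rc links before an upgrade and listing any that appear afterwards. The function names, the baseline file and the alternate root argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: detect SysV init links re-created by a package upgrade.
# All names here (rc_links, rc_snapshot, rc_new_links) are hypothetical.

# Print every rc link for service $1 under root $2 (default /etc), sorted.
# Matches the exact service name only, e.g. S19mysql but not S20mysql-ndb.
rc_links() {
    svc=$1
    root=${2:-/etc}
    for f in "$root"/rc?.d/[SK][0-9][0-9]"$svc"; do
        # An unmatched glob stays literal; skip it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        printf '%s\n' "${f#"$root"/}"
    done | sort
}

# Record the current link set for service $1 (root $2) in baseline file $3.
rc_snapshot() {
    rc_links "$1" "$2" > "$3"
}

# Print links that exist now but are absent from baseline file $3.
# Returns 0 when nothing new appeared, 1 when the link set grew.
rc_new_links() {
    svc=$1
    root=$2
    baseline=$3
    # comm -13 keeps lines unique to the second input (the current state).
    new=$(rc_links "$svc" "$root" | comm -13 "$baseline" -)
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Typical use around an upgrade (paths are placeholders):
#   rc_snapshot mysql /etc /var/tmp/mysql.rc.before
#   dpkg -i <package>.deb
#   rc_new_links mysql /etc /var/tmp/mysql.rc.before || echo "links re-created"
```

update-rc.d leaves existing links alone but treats a service with no links at all as a fresh install, so a service is kept disabled across upgrades by leaving K links in place rather than deleting every link.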