Your message dated Thu, 29 Jan 2009 21:02:15 +0000
with message-id <[email protected]>
and subject line Bug#513262: fixed in mysql-dfsg-5.0 5.0.51a-23
has caused the Debian Bug report #513262,
regarding mysql-server-5.0: Leaves password in debconf database
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
513262: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513262
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mysql-server-5.0
Version: 5.0.51a-21
Severity: normal

If you look at /var/cache/debconf/passwords.dat, you'll find a copy of the 
password in there (just root_password_again). While the file is only readable 
by root, this is an unnecessary way to leak the password.

Best practice for password prompting with debconf is to call db_reset to clear 
the password out of the database as soon as possible after you use it. 

This bug was probably introduced by the patch #471887.

For example:
debian:~# head -n 11 /var/cache/debconf/passwords.dat 
Name: mysql-server/root_password
Template: mysql-server/root_password
Value: 
Owners: mysql-server-5.0
Flags: seen

Name: mysql-server/root_password_again
Template: mysql-server/root_password_again
Value: bonjour
Owners: mysql-server-5.0
Flags: seen

debian:~# debconf-get-selections |head -n 6
# for internal use
passwd  passwd/root-password-crypted    password
# for internal use
passwd  passwd/user-password-crypted    password
# Confirmation du mot de passe du superutilisateur de MySQL :
mysql-server-5.0        mysql-server/root_password_again        password        bonjour


-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mysql-server-5.0 depends on:
ii  adduser                3.110             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.24            Debian configuration management sy
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libdbi-perl            1.605-1           Perl5 database interface by Tim Bu
ii  libgcc1                1:4.3.2-1.1       GCC support library
ii  libmysqlclient15off    5.0.51a-21        MySQL database client library
ii  libncurses5            5.7+20081213-1    shared libraries for terminal hand
ii  libreadline5           5.2-3             GNU readline and history libraries
ii  libstdc++6             4.3.2-1.1         The GNU Standard C++ Library v3
ii  libwrap0               7.6.q-16          Wietse Venema's TCP wrappers libra
ii  lsb-base               3.2-20            Linux Standard Base 3.2 init scrip
ii  mysql-client-5.0       5.0.51a-21        MySQL database client binaries
ii  mysql-common           5.0.51a-21        MySQL database common files
ii  passwd                 1:4.1.1-6         change and administer password and
ii  perl                   5.10.0-19         Larry Wall's Practical Extraction 
ii  psmisc                 22.6-1            Utilities that use the proc filesy
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages mysql-server-5.0 recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-3 A simple mail user agent
ii  libhtml-template-p 2.9-1                 HTML::Template : A module for usin
ii  mailx              1:20071201-3          Transitional package for mailx ren

Versions of packages mysql-server-5.0 suggests:
pn  tinyca                        <none>     (no description available)

-- debconf information:
* mysql-server/root_password_again: (password omitted)
* mysql-server/root_password: (password omitted)
  mysql-server-5.0/really_downgrade: false
* mysql-server-5.0/need_sarge_compat: false
  mysql-server-5.0/start_on_boot: true
  mysql-server/error_setting_password:
  mysql-server-5.0/nis_warning:
  mysql-server-5.0/postrm_remove_databases: false
  mysql-server-5.0/need_sarge_compat_done: true
* mysql-server/password_mismatch:



--- End Message ---
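
The check the report does by hand with head, as an added example that is not part of the original report or of the Debian package: a shell function that lists the questions in a debconf password database that still hold a value, without ever printing the value. The function names, the sample stanzas and the `example-secret` value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a debconf password database
# for questions that still hold a value after package configuration.

# Print "<question><TAB><owners>" for every stanza with a non-empty Value.
# The value itself is never printed, so the output is safe to log.
leftover_passwords() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        function emit() {
            if (name != "" && value != "") printf "%s\t%s\n", name, owners
            name = ""; value = ""; owners = ""
        }
        /^[ \t]*$/ { emit(); next }                # blank line closes a stanza
        /^Name:/   { name   = trim(substr($0, 6)) }
        /^Value:/  { value  = trim(substr($0, 7)) }
        /^Owners:/ { owners = trim(substr($0, 8)) }
        END        { emit() }                      # file may lack a final blank line
    ' "${1:-/var/cache/debconf/passwords.dat}"
}

# Constructed sample in the stanza layout shown in the report.
write_sample() {
    cat > "$1" <<'EOF'
Name: mysql-server/root_password
Template: mysql-server/root_password
Value:
Owners: mysql-server-5.0
Flags: seen

Name: mysql-server/root_password_again
Template: mysql-server/root_password_again
Value: example-secret
Owners: mysql-server-5.0
Flags: seen
EOF
}

sample=$(mktemp)
write_sample "$sample"
leftover_passwords "$sample"
rm -f "$sample"
```

Called without an argument, the function reads /var/cache/debconf/passwords.dat, which needs root because the file is only readable by root. An empty result is what a package that calls db_reset after using the password should leave behind.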
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.51a-23

We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:

libmysqlclient15-dev_5.0.51a-23_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-23_amd64.deb
libmysqlclient15off_5.0.51a-23_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-23_amd64.deb
mysql-client-5.0_5.0.51a-23_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-23_amd64.deb
mysql-client_5.0.51a-23_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-23_all.deb
mysql-common_5.0.51a-23_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-23_all.deb
mysql-dfsg-5.0_5.0.51a-23.diff.gz
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-23.diff.gz
mysql-dfsg-5.0_5.0.51a-23.dsc
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-23.dsc
mysql-server-5.0_5.0.51a-23_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-23_amd64.deb
mysql-server_5.0.51a-23_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-23_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <[email protected]> (supplier of updated mysql-dfsg-5.0 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Jan 2009 14:07:32 +0100
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0 
mysql-server-5.0 mysql-server mysql-client
Architecture: source all amd64
Version: 5.0.51a-23
Distribution: testing-proposed-updates
Urgency: medium
Maintainer: Debian MySQL Maintainers <[email protected]>
Changed-By: Norbert Tretkowski <[email protected]>
Description: 
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (metapackage depending on the latest 
versio
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (metapackage depending on the latest 
versio
 mysql-server-5.0 - MySQL database server binaries
Closes: 513262
Changes: 
 mysql-dfsg-5.0 (5.0.51a-23) testing-proposed-updates; urgency=medium
 .
   * Reset debconf password variable root_password_again immediately after
     using it. (closes: #513262)
   * Disable SSL related tests when running the testsuite until MySQL bug
     #42366 gets fixed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmCD10ACgkQr/RnCw96jQF/nwCgsMo/+D7/q+/fbtjG1jZlhASH
wl8An1O8pEKEqni2a3cekLWTxzRt4s7X
=xF/r
-----END PGP SIGNATURE-----



--- End Message ---
