Package: dbconfig-common
Version: 1.8.41
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
it looks like dbconfig-common does not escape database name. When user
enters something like foo-bar as database name, it is passed to MySQL
without escaping and it fails:
mysql said: ERROR 1064 (42000) at line 1: You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near '-bar' at line 1
- --
Michal Čihař | http://cihar.com | http://blog.cihar.com
- -- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.27.37-0.1-default (SMP w/2 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dbconfig-common depends on:
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii ucf 3.0024 Update Configuration File: preserv
dbconfig-common recommends no packages.
Versions of packages dbconfig-common suggests:
ii mysql-client 5.1.40-1 MySQL database client (metapackage
ii mysql-client-5.1 [virtual-mys 5.1.40-1 MySQL database client binaries
ii postgresql-client-8.3 [postgr 8.3.8-1 front-end programs for PostgreSQL
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksBVWYACgkQ3DVS6DbnVgQihwCfSPjLNPiuDdNWRpZ7byrq21nX
BrMAoPR4+Dr14Mypyz8CkI6uH/acxOY6
=wNxi
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
