Package: mariadb-server-10.0
Version: 10.0.23-0+deb8u1
Severity: minor

Dear Maintainer,

While looking to preseed some Jessie systems, I noticed that the mysql-server/root_password field had been cleared in the postinstall script; however, the mysql-server/root_password_again field had not been. Therefore, the root password for the database, if not reset after installation, was available in cleartext from debconf.

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mariadb-server-10.0 depends on:
ii  adduser                   3.113+nmu3
ii  debconf [debconf-2.0]     1.5.56
ii  libaio1                   0.3.110-1
ii  libc6                     2.19-18+deb8u3
ii  libdbi-perl               1.631-3+b1
ii  libpam0g                  1.1.8-3.1+deb8u1
ii  libstdc++6                4.9.2-10
ii  lsb-base                  4.1+Debian13+nmu1
ii  mariadb-client-10.0       10.0.23-0+deb8u1
ii  mariadb-common            10.0.23-0+deb8u1
ii  mariadb-server-core-10.0  10.0.23-0+deb8u1
ii  passwd                    1:4.2-3+deb8u1
ii  perl                      5.20.2-3+deb8u3
ii  psmisc                    22.21-2
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages mariadb-server-10.0 recommends:
ii  libhtml-template-perl  2.95-1

Versions of packages mariadb-server-10.0 suggests:
ii  bsd-mailx [mailx]  8.1.2-0.20141216cvs-2
pn  mariadb-test       <none>
pn  tinyca             <none>

-- debconf information:
* mysql-server/root_password_again: (password omitted)
* mysql-server/root_password: (password omitted)
  mariadb-server/oneway_migration: true
  mysql-server/password_mismatch:
  mysql-server/no_upgrade_when_using_ndb:
  mysql-server-10.0/postrm_remove_databases: false
  mysql-server-10.0/nis_warning:
  mariadb-server-10.0/really_downgrade: false
  mysql-server/error_setting_password:
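
A check for the condition described in the report above, as an added example that is not part of the original report or of the package's maintainer scripts. It assumes debconf's usual stanza layout for its password database (by default /var/cache/debconf/passwords.dat); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report or the package): list debconf questions
# that still hold a non-empty value in a debconf password database.
# Assumption: the database uses debconf's usual stanza layout (Name:, Template:,
# Value:, ... fields, stanzas separated by a blank line), as found by default
# in /var/cache/debconf/passwords.dat (readable by root only).

# find_leftover_passwords FILE [PREFIX]   (hypothetical helper name)
# Prints the name of each stanza whose Value: is non-empty, optionally limited
# to question names starting with PREFIX. The values themselves are never printed.
find_leftover_passwords() {
    awk -v prefix="${2:-}" '
        function emit() {
            if (name != "" && value != "" &&
                (prefix == "" || index(name, prefix) == 1))
                print name
            name = ""; value = ""
        }
        /^Name:/   { name = $0;  sub(/^Name:[ \t]*/, "", name) }
        /^Value:/  { value = $0; sub(/^Value:[ \t]*/, "", value) }
        /^[ \t]*$/ { emit() }
        END        { emit() }
    ' "$1"
}

# write_sample FILE: constructed sample reproducing the state the report
# describes (root_password cleared, root_password_again left behind).
write_sample() {
    cat > "$1" <<'EOF'
Name: mysql-server/root_password
Template: mysql-server/root_password
Value:
Owners: mariadb-server-10.0
Flags: seen

Name: mysql-server/root_password_again
Template: mysql-server/root_password_again
Value: constructed-sample-secret
Owners: mariadb-server-10.0
Flags: seen
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_leftover_passwords "$sample" mysql-server/   # prints mysql-server/root_password_again
rm -f "$sample"
```

On an installed system, run the function as root against the real password database after the package has been configured; any name it prints is a question whose value was not cleared.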