[Pkg-cacti-maint] Bug#710331: cacti: Mishandling of double-quotes in password

Francois Gouget fgouget at free.fr
Wed May 29 23:57:00 UTC 2013


Package: cacti
Version: 0.8.8a+dfsg-6
Severity: normal

Dear Maintainer,

While installing the cacti package I got asked for a password for the cacti database. I had the misfortune of typing a password containing a double-quote. This resulted in cacti not starting due to an obvious syntax error in '/etc/cacti/debian.php':

$database_password = "prickly"cacti";

Escaping the double-quote at least got the Cacti website to come up. I did not test further with that password however.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cacti depends on:
ii  dbconfig-common                          1.8.47+nmu1
ii  debconf [debconf-2.0]                    1.5.50
ii  libapache2-mod-php5                      5.4.4-15
ii  libphp-adodb                             5.15-1
ii  mysql-client-5.5 [virtual-mysql-client]  5.5.31+dfsg-1
ii  perl                                     5.14.2-21
ii  php5-cli                                 5.4.4-15
ii  php5-mysql                               5.4.4-15
ii  php5-snmp                                5.4.4-15
ii  rrdtool                                  1.4.7-2
ii  snmp                                     5.4.3~dfsg-3
ii  ucf                                      3.0025+nmu3

Versions of packages cacti recommends:
ii  apache2                      2.2.22-13
ii  apache2-mpm-prefork [httpd]  2.2.22-13
ii  iputils-ping                 3:20101006-3
ii  libjs-jquery                 1.7.2+dfsg-2
ii  libjs-jquery-cookie          8-2
ii  logrotate                    3.8.1-4
ii  mysql-server                 5.5.31+dfsg-1

Versions of packages cacti suggests:
pn  moreutils  <none>
pn  php5-ldap  <none>

-- debconf information:
  cacti/db/app-user: cacti
  cacti/mysql/admin-user: root
* cacti/webserver: apache2
  cacti/mysql/method: unix socket
  cacti/remote/host:
  cacti/upgrade-error: abort
  cacti/dbconfig-upgrade: true
  cacti/internal/skip-preseed: false
  cacti/remote/newhost:
  cacti/purge: false
  cacti/missing-db-package-error: abort
  cacti/database-type: mysql
  cacti/remove-error: abort
  cacti/db/dbname: cacti
  cacti/upgrade-backup: true
  cacti/install-error: abort
  cacti/internal/reconfiguring: false
  cacti/passwords-do-not-match:
  cacti/dbconfig-remove:
* cacti/dbconfig-install: true
  cacti/remote/port:
  cacti/dbconfig-reinstall: false



More information about the Pkg-cacti-maint mailing list