[debian-mysql] Bug#578171: mysql-server-5.1: Password sanitization

Chris Brown cmb-debian at chibi.ca
Wed Feb 9 13:51:20 UTC 2011 

Package: mysql-server-5.1
Version: 5.1.49-3
Severity: normal

On a fresh install, the system asks you to set a password.  If you set it to an
unsanitized string (I'm not exactly sure which character(s) I had that were
invalid but it wasn't ' or " as noted before) the install fails and access
using a mysql client is blocked.



-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mysql-server-5.1 depends on:
ii  adduser              3.112+nmu2          add and remove users and groups
ii  debconf [debconf-2.0 1.5.36.1            Debian configuration management sy
ii  libc6                2.11.2-10           Embedded GNU C Library: Shared lib
ii  libdbi-perl          1.612-1             Perl Database Interface (DBI)
ii  libgcc1              1:4.4.5-8           GCC support library
ii  libmysqlclient16     5.1.49-3            MySQL database client library
ii  libstdc++6           4.4.5-8             The GNU Standard C++ Library v3
ii  lsb-base             3.2-23.2squeeze1    Linux Standard Base 3.2 init scrip
ii  mysql-client-5.1     5.1.49-3            MySQL database client binaries
ii  mysql-common         5.1.49-3            MySQL database common files, e.g. 
ii  mysql-server-core-5. 5.1.49-3            MySQL database server binaries
ii  passwd               1:4.1.4.2+svn3283-2 change and administer password and
ii  perl                 5.10.1-17           Larry Wall's Practical Extraction 
ii  psmisc               22.11-1             utilities that use the proc file s
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

Versions of packages mysql-server-5.1 recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20100314cvs-1 simple mail user agent
ii  libhtml-template-p 2.9-2                 module for using HTML Templates wi

Versions of packages mysql-server-5.1 suggests:
pn  tinyca                        <none>     (no description available)

-- debconf information:
  mysql-server/error_setting_password:
  mysql-server-5.1/start_on_boot: true
  mysql-server-5.1/postrm_remove_databases: false
  mysql-server-5.1/nis_warning:
  mysql-server-5.1/really_downgrade: false
  mysql-server/password_mismatch:
  mysql-server/no_upgrade_when_using_ndb:

More information about the pkg-mysql-maint mailing list