[debian-mysql] Bug#751377: percona-xtrabackup: talks home without asking
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 12 09:22:19 UTC 2014
Hi,
(not the maintainer; just giving additional reference)
On Thu, Jun 12, 2014 at 11:00:32AM +0200, Bernd Zeimetz wrote:
> Package: percona-xtrabackup
> Severity: serious
>
> According to our firewall logs, percona xtrabackup tries to talk home
> without having explicit permission to do so. I think the code is somewhere
> around here:
>
> innobackupex.pl
>
> my $advice = pingback(
> instances => $instances_to_check,
> protocol => $protocol,
> url => $args{url} # testing
> || $ENV{PERCONA_VERSION_CHECK_URL} # testing
> || "$protocol://v.percona.com",
> );
>
Sounds similar to what was found for percona-toolkit:
[0] http://seclists.org/oss-sec/2014/q1/398
[1] https://security-tracker.debian.org/tracker/CVE-2014-2029
[2] https://bugs.debian.org/740846
Regards,
Salvatore
More information about the pkg-mysql-maint
mailing list