[debian-mysql] Bug#815599: mariadb-server-10.0: Postinstall script does not clear the mysql-server/root_password_again field

Owen, Brynnen owen at illinois.edu
Mon Feb 22 21:10:25 UTC 2016 

Package: mariadb-server-10.0
Version: 10.0.23-0+deb8u1
Severity: minor

Dear Maintainer,

While looking to preseed some Jessie systems, I noticed that the mysql-server/root_password field had been cleared in the postinstall script, however the mysql-server/root_password_again field had not been. Therefore, the root password for the database, if not reset after installation, was available in cleartext from debconf.

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mariadb-server-10.0 depends on:
ii  adduser                   3.113+nmu3
ii  debconf [debconf-2.0]     1.5.56
ii  libaio1                   0.3.110-1
ii  libc6                     2.19-18+deb8u3
ii  libdbi-perl               1.631-3+b1
ii  libpam0g                  1.1.8-3.1+deb8u1
ii  libstdc++6                4.9.2-10
ii  lsb-base                  4.1+Debian13+nmu1
ii  mariadb-client-10.0       10.0.23-0+deb8u1
ii  mariadb-common            10.0.23-0+deb8u1
ii  mariadb-server-core-10.0  10.0.23-0+deb8u1
ii  passwd                    1:4.2-3+deb8u1
ii  perl                      5.20.2-3+deb8u3
ii  psmisc                    22.21-2
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages mariadb-server-10.0 recommends:
ii  libhtml-template-perl  2.95-1

Versions of packages mariadb-server-10.0 suggests:
ii  bsd-mailx [mailx]  8.1.2-0.20141216cvs-2
pn  mariadb-test       <none>
pn  tinyca             <none>

-- debconf information:
* mysql-server/root_password_again: (password omitted)
* mysql-server/root_password: (password omitted)
  mariadb-server/oneway_migration: true
  mysql-server/password_mismatch:
  mysql-server/no_upgrade_when_using_ndb:
  mysql-server-10.0/postrm_remove_databases: false
  mysql-server-10.0/nis_warning:
  mariadb-server-10.0/really_downgrade: false
  mysql-server/error_setting_password:

More information about the pkg-mysql-maint mailing list