[debian-mysql] Bug#490777: [Secure-testing-team] Bug#490777: binds to any with bind-address=127.0.0.1 if iface lo is not available
martin f krafft
madduck at debian.org
Mon Jul 14 13:56:10 UTC 2008
found 490777 5.0.32-7
thanks

also sprach Steve Langasek <vorlon at debian.org> [2008.07.14.1535 +0200]:
> > Even if there is no exploitable security hole at the moment,
> > it's a hole nevertheless. I don't trust mysqld at all, so if
> > I hadn't inspected this system closely before taking it live,
> > I would have been hit by something unexpected.
>
> "I don't trust mysqld" is not a proven security hole. <shrug>

It's not an exploitable one. But it's a hole if contrary to the
configuration I suddenly have a daemon publicly accessible.

> which is not an ancestor of the lenny package; you might want to fix that up
> with a 'found' command referencing an appropriate lenny version which also
> shows this bug.

Done.

> > No idea. I thought since I found it on etch, I'd tag it etch. Does
> > 'etch' suggest 'etch-only' ??
>
> Yes. You should not use suite tags in the general case.

Okay, thanks. I'll refrain from their use in the future. Sorry for
the lapse.
--
.''`. martin f. krafft <madduck at debian.org>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems
"i love deadlines. i like the whooshing
sound they make as they fly by."
-- douglas adams
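
The mismatch this report is about (a daemon listening on an address other than its configured bind-address) can be checked by comparing the configuration with the kernel's listening-socket table. The following is an added example, not part of the original message or of the Debian package; the my.cnf text and /proc/net/tcp rows are constructed samples, and port 3306 and a little-endian host are assumptions.

```python
import configparser
import socket

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample inputs (not taken from the bug report).
SAMPLE_CNF = "[mysqld]\nport = 3306\nbind-address = 127.0.0.1\n"
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
ROW = "   0: {}:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   104        0 12345\n"
SAMPLE_TCP_LOOPBACK = HEADER + ROW.format("0100007F")   # 127.0.0.1:3306
SAMPLE_TCP_ANY = HEADER + ROW.format("00000000")        # 0.0.0.0:3306


def configured_bind(cnf_text, section="mysqld"):
    """Return the bind-address set in a my.cnf-style text, or None if unset."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(cnf_text)
    return cp.get(section, "bind-address", fallback=None)


def listeners(proc_net_tcp, port):
    """Return the IPv4 local addresses in LISTEN state on the given port."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hexaddr, hexport = fields[1].split(":")
        if int(hexport, 16) != port:
            continue
        # Assumption: little-endian host, so the printed u32 is byte-reversed.
        found.append(socket.inet_ntoa(bytes.fromhex(hexaddr)[::-1]))
    return found


def unexpected_listeners(cnf_text, proc_net_tcp, port=3306):
    """Addresses the daemon listens on that differ from the configured one."""
    want = configured_bind(cnf_text)
    if want is None:
        return []  # nothing configured, nothing to contradict
    return [addr for addr in listeners(proc_net_tcp, port) if addr != want]


if __name__ == "__main__":
    for name, table in (("loopback", SAMPLE_TCP_LOOPBACK), ("any", SAMPLE_TCP_ANY)):
        print(name, unexpected_listeners(SAMPLE_CNF, table))
```

On a live system the two inputs would be the contents of the MySQL configuration file and of /proc/net/tcp; IPv6 listeners appear in /proc/net/tcp6 and are not covered here.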