severity 490777 important
thanks

On Mon, Jul 14, 2008 at 11:27:01AM +0200, martin f krafft wrote:
> Package: mysql-server-5.0
> Version: 5.0.32-7etch5
> Severity: critical
> Tags: security etch

"critical" severity is used for:

  makes unrelated software on the system (or the whole system) break, or
  causes serious data loss, or introduces a security hole on systems where
  you install the package.

Installing this package does not cause the described security hole; by
default, mysqld does not bind to TCP at all, and listening on a TCP port is
not a security issue per se in any case.

I'm not sure why you've tagged this bug 'etch' - do you believe the bug to
be resolved in later versions of the package?

> Arguably, this is a problem with the vserver

Yes, a quite frequent problem with vserver...

> but mysqld should definitely not bind to any as a consequence. Instead, it
> should refuse to start.

Yes, definitely.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[EMAIL PROTECTED]                                     [EMAIL PROTECTED]


