-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 May 2025 22:11:53 +0200 Source: mydumper Binary: mydumper mydumper-dbgsym Architecture: amd64 Version: 0.10.1-1+deb12u2 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Lee Garrett Description: mydumper - High-performance MySQL backup tool Changes: mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2025-30224: - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf Checksums-Sha1: 42a346878c8ef4f28395b853b7165c2520a6c13e 116360 mydumper-dbgsym_0.10.1-1+deb12u2_amd64.deb d32cfbeab824d652a02905c31b362e14c28d6e93 9668 mydumper_0.10.1-1+deb12u2_amd64-buildd.buildinfo e3fe496793ec9d64f57fed941adffae5abff61f9 45856 mydumper_0.10.1-1+deb12u2_amd64.deb Checksums-Sha256: e80739c3cd954a90ffc50481c5dadc900562be26cbc95058847e23b433e585ca 116360 mydumper-dbgsym_0.10.1-1+deb12u2_amd64.deb 638a841c19aab7c02a1c9c34fa8d2e5fe6a658e4910d6d9a7def983237e93962 9668 mydumper_0.10.1-1+deb12u2_amd64-buildd.buildinfo 894d1836ac7ed64bec6d326539f05e0265ffca858f348f6725827ba4c59fb304 45856 mydumper_0.10.1-1+deb12u2_amd64.deb Files: 41d4dd09fee52dfeeb89bdaeac8bb1d6 116360 debug optional mydumper-dbgsym_0.10.1-1+deb12u2_amd64.deb 34dd5e3a5f99a93ae1a80d548045f3e8 9668 database extra mydumper_0.10.1-1+deb12u2_amd64-buildd.buildinfo 949727d88ce3ba0487cb2f750e11def2 45856 database extra mydumper_0.10.1-1+deb12u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmjB55QACgkQJuP6X4A0 XeKE/w//XWpGglTO5gUt8PKi4qZhyjKb9IEhtsQTqRG+j+VhIiRNAuTW/G8htHkb BTAcf+BwVX4p3CgW02W5xlq10GRnKKvlPveQNBHBT6ZV7tMn4F1SdSA6CWNEf68T 8HppPgAHR3fsBsSKU1fmLH0o6cHAByPdcUbIYP7Sg/KVm13GhZTa4P5zkWlLXGfA u8GLKuLwSK3izzGnWGzg6YA07EAQRspbx3ekeRYqAkdftN+Mja26rba361gYJfdf ucnmwZ92xxtxJJLwRIM2dLwoP+AmmVv1mlM71LYw3kwfdIYMXRVzYptDNSvV2TNF Na4vseUGtq5JvBS9caumsVEzC+YmQ/g0CpOCJYqkB21ADRXUrrCoYWauxGi3z82h ty695RXRSPgXtYXD5ZrCjUszDQbbX6NP9QFZ0tvOHPLNWgvDgo+ickFjDAFVPeIP 2aCxMN0Dq/71RO6HKsSeJwBDKKmRBiGYD3VomJOUc/dq5KlVONUleZacsAiD4FYU CKw/tRG8FTWPkfU7twR7jHUkWsOkFcwCHe6/ZhS/+7NBfDPk0mk6Aog+8xK8+gIs DZlIoGdktot/F/S2MlzmBv6WvWLg/tr6eOSgQMwl8qEidBi8OZraGBzvmWZ6AvjZ LkDxT1j6pCXfck9dktp+ou+7xWjBUJPcMwf+UentuTW97Prq8i0= =Vt6l -----END PGP SIGNATURE-----