-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 May 2025 22:11:53 +0200 Source: mydumper Binary: mydumper mydumper-dbgsym Architecture: arm64 Version: 0.10.1-1+deb12u2 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Lee Garrett Description: mydumper - High-performance MySQL backup tool Changes: mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2025-30224: - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf Checksums-Sha1: 97ea77a589355c0c57ee7bec3081d66d6a21df99 116488 mydumper-dbgsym_0.10.1-1+deb12u2_arm64.deb f139621027608d20d4b16912293ab700b684ad27 9667 mydumper_0.10.1-1+deb12u2_arm64-buildd.buildinfo 5439c8ab36cd6af6323a5a1d81aa05991c61774f 42752 mydumper_0.10.1-1+deb12u2_arm64.deb Checksums-Sha256: 683e93f2dee7def3afbf9e532e472d6d79d913cb2768a30a916b30c0c49499ff 116488 mydumper-dbgsym_0.10.1-1+deb12u2_arm64.deb 2d2f5e383a3e9b713ac500a680155594a768873a9e817c361fb868d26c3a7b50 9667 mydumper_0.10.1-1+deb12u2_arm64-buildd.buildinfo 1a6c1a003c6bd2f598418421226d203b74e556440c08a6cacdc5a1f91d7e4011 42752 mydumper_0.10.1-1+deb12u2_arm64.deb Files: f36e9b87994ff21fc13c1d1c7be8d285 116488 debug optional mydumper-dbgsym_0.10.1-1+deb12u2_arm64.deb b53d8c9b724d9205ee17f65837a4e354 9667 database extra mydumper_0.10.1-1+deb12u2_arm64-buildd.buildinfo 987b03d2475a3eef2a72e34572ba500d 42752 database extra mydumper_0.10.1-1+deb12u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmjB7zcACgkQlST9Us03 ywvf+w/+I+2NygL83D1cyLFqongz2cqIKfD6txk49SS6sQqBBu/GLZmYn3gNqj09 nnVCcxtfgFKpqs1kvLJuw9VVF2687YVZEZnrPtQuK9Yjlu96RP1lJXNrM6c0MsQ+ ZdpTGNmkQT+9h0crDEQPmwLlWsQPslZOVzhTHYTkAVU6cWqqQJL7wtQ39bbQs4rT 5jf3GxDtJhQJkUXRrEnJN5KdTkmkGu7r4gd7nCj3ZdJncH6uqRKaWZGA10tTj+qR EUCMVLHjzh8bMce7kBehsZGduZ+52S/PUS5eWCbWbmMZayLMNRYG2+au95WaFfAa dbc4nazvijDyc8q4qoxHI2u+NkphRKCWaxjh4dW5+j9pOp3OXueqG+6OqOzXDTdO 0vwof2mnzH7awqkHTDaFll3REmvSuKDxz6wb7SsmWjpUqp9o9rHVldvS/aY1VZli 1he3w02dnFM/WHwJiQQKJ6ht1Vnr3D8trXHFJ8KCu5pMHLbA/IyU6DDaRItg9gmh LpUmpTX2oKbkifoR99ITluCniwi6lB29wAOTj62/JU+SPF7ZHW3a58I6r0chAAH8 sdCBb0Wkm470ptZAns6+afJPs0Rf1yThA9sS+ArpMh2t9pdl8/kjTfSZ1Q7eZxmF 4bc8vZSUI4FP+X5ssBmRUTTRKHzAdHhYQsxHCdHp7USTJ4O4VBQ= =tQW6 -----END PGP SIGNATURE-----