-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 May 2025 22:11:53 +0200 Source: mydumper Binary: mydumper mydumper-dbgsym Architecture: i386 Version: 0.10.1-1+deb12u2 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Lee Garrett Description: mydumper - High-performance MySQL backup tool Changes: mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2025-30224: - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf Checksums-Sha1: 2b65c37afa8174c42696e85accb7b41835137419 101300 mydumper-dbgsym_0.10.1-1+deb12u2_i386.deb 65d6455b761c96900236596bed42e29263dc29aa 9592 mydumper_0.10.1-1+deb12u2_i386-buildd.buildinfo 54c6c52a73de1503e098dd68b14f8f9f4c713092 46596 mydumper_0.10.1-1+deb12u2_i386.deb Checksums-Sha256: d29c757ca2fa1fce9c1ebdaf3e656369d53db602ecb9a752292723468897ac03 101300 mydumper-dbgsym_0.10.1-1+deb12u2_i386.deb 1732582f43a9cfbfd5d8c699714dcdfef7af4dcb575221a0f047817289a6b802 9592 mydumper_0.10.1-1+deb12u2_i386-buildd.buildinfo a6ce09a0a503d8968414984b8469ea499e122f13da8c56659a27c73613912dbf 46596 mydumper_0.10.1-1+deb12u2_i386.deb Files: cbcb52197d7f85a66e81ba16e4c30cac 101300 debug optional mydumper-dbgsym_0.10.1-1+deb12u2_i386.deb 0642578f78aafbc94f8c088dd12e2069 9592 database extra mydumper_0.10.1-1+deb12u2_i386-buildd.buildinfo 7e14ee617d7137a9e8e895c840e76255 46596 database extra mydumper_0.10.1-1+deb12u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc5vuvf2HND40bnI+8IREj/cRiTMFAmjB53AACgkQ8IREj/cR iTO42xAAq28uB5+gZ/z2FAsy5olY3K6tFKvLL/ULIB/mcIsPIfHAxxDrtFSD/3g3 nuSYBjvvtjuZ2nANQEZrOk0+hAjQXCEwDcwQMBwtu5wekBPyMISDVuZAUWuwtxS4 i8s16YbtvFDR0Wh1DY0Vh8ja4oxsCqsFQZxh7PDCTU1jFDVZ8Az/ymbDauedfPMz 2oc+qIoIfnJEJO5OUfvwnJd5g8w8ZfBUtD3tV2hIBBveE2H7EtrcqTOyssYb6rni Mo5SGRYRzqV7qoiaKKpWn9dI2xYvRGGGqFNghjdCMaCsjfusSMkBiEF1sKW2g3xu Y0DOKT3SOMpw1GcLt2M5txNM9Lm0H1gWOwQApRlePikjaMN+vEl0EU5pA5eYMJ/Q CcVj8zIaENtUILHG7e1XIWsg47RgC6MaSdTdDyezKW/1IW6zhn2PgVrWTv0Z5kjp ghPQLdaPQYgnNPXg/u88m63eGgN/ph7s8na34GStRWMom5XlBHEGpE/hnrTswwS7 8AdBCbtxoGwu3PvZKoein0lDyYjRLOJt3M3FDFSCZaRNn39dJT582FdyblQf5W7Z TIAhneO1bQsQxpcUiOEEGBJw/DVewKVQ/ujDv/kXkVkOi6cd3KJRbu81fWJeSnWC 02bPiv/cvNSrpJz4qDQG87RUo1GCP7AudO2ka1jHUUPJ8/Xnn0E= =Zm8e -----END PGP SIGNATURE-----