-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 May 2025 22:11:53 +0200
Source: mydumper
Architecture: source
Version: 0.10.1-1+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Mateusz Kijowski <mateusz.kijowski@gmail.com>
Changed-By: Lee Garrett <debian@rocketjump.eu>
Changes:
mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium
.
* Non-maintainer upload by the Debian LTS team.
* Fix CVE-2025-30224:
- The MySQL C client library (libmysqlclient) allows authenticated remote
actors to read arbitrary files from client systems via a crafted server
response to LOAD LOCAL INFILE query, leading to sensitive information
disclosure when clients connect to untrusted MySQL servers without
explicitly disabling the local infile capability. Mydumper had the local
infile option enabled by default and does not have an option to disable
it. This can lead to an unexpected arbitrary file read if the Mydumper
tool connects to an untrusted server.
* Add autopkgtest integration tests
* Add debian/gbp.conf
Checksums-Sha1:
d541c659bffac15214b83053cb1c7b65841cd4a9 2812 mydumper_0.10.1-1+deb12u2.dsc
c2173321e4ede3363b8df30757bcc244e09aaa91 9012 mydumper_0.10.1-1+deb12u2.debian.tar.xz
112827249d813cc4ae50ad42ae2580e90ddd8d29 10901 mydumper_0.10.1-1+deb12u2_amd64.buildinfo
Checksums-Sha256:
8567bca8b16e69e49ba941da31e0561b716cf1d2c2cf6bab4ad8ec24ceb2aca5 2812 mydumper_0.10.1-1+deb12u2.dsc
b7333a68b9ceaad80995071f9be20083a34ffd3263804e93e9d2eb036d96cdc4 9012 mydumper_0.10.1-1+deb12u2.debian.tar.xz
9c7fc8daf206d1717afad9ee4145e22d092bc918de7ad6ac01a5fe7fe8e53807 10901 mydumper_0.10.1-1+deb12u2_amd64.buildinfo
Files:
ea64e3ad8126d026a8a8b45495b9ea33 2812 database extra mydumper_0.10.1-1+deb12u2.dsc
bcfc5af535344d07bcdede584b26c25c 9012 database extra mydumper_0.10.1-1+deb12u2.debian.tar.xz
470b941cff5948fb72a0d0aa747345f0 10901 database extra mydumper_0.10.1-1+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg4v+AACgkQ1gShxII+
4PjAZR//XQBf6bTqVV7uRTPPBJKhfOkhecvdjphgQ63suS6OWkjtBVd26wVHo5rz
BqJfmtBtiOe5dJ6Bkhdj7QQIEyDTxNu7Z1aJKzeHd5F/oFpucjY03//BLOmBlcIF
is0Wl2JE6ga4U5tmQ22ZbxsaWQ4qqqaRqK6NP2Pwj0S+Ug/3Fv3WR8kocj20KjCn
k97oPw5QStIPXTTjVpHvRVqyPUooL/WGIhJ6yTwVEs6qxfiPvGHeNPoc3JeNSNAB
lnieyDBLHfPHjRHwaLLaFQaUlJEH3/E/csR4zf4KDrqkuTbDPyqhfRnOYx7/SW71
OfVyP4FgMDqmov8J22yLEWBv0d8ACb4Pi6oKVyN80/0xi7CDHcyYQc3cbiFQVtyw
QQoyy4nScEvUxO2z1MadVdWSs/MGA5MxPxdUIqAszAarBlbs1JPJKqnn1J+3Whh5
qCQMCro9gz2BKugLE1Q8e8SpTD4qXMnEuKvRuBPw+eTHZVZXuN/xp7rtoquuF8uz
YOquMvU5jAiROujxkf9BNqsPOq9ave1QN81hp8u+CgIlrwYnAbJugq2fo4nTSvV3
Lj9sLb0VDsmTu+aWbfg7X8hfzUJ/Z6DurEkUbLs8p8qx26wHuM3ANT1uk1xvhznO
5n0DsCccgtMWwAh0s4oCLKxK+Dl7yG4vW+rS04dGJ3vMFMQ/fBG41PERBPHWgmfJ
aaCEciHXMVhwOgqraUG9eDowZSda9xFA4/Jfkac2urvh5wn0UH5mAceMuPJPoA9x
eLtT9E03ZJCWBn6OABL2d8NIowgkX3Dvs+DSdF+erupa+jmOPCMJ/QGDmubl1ZR3
R6WZ1Go0sXYOZCTeEA/CLZ99HkSQqq0HLpK119MDV+1h2yM7U0tUlRc9Mc4sk/Ba
DvPke+rQ6IfZ9tdmNaA51mbvVc/tiPG2WhV0I2RUOmU6Os4NcvRw7CNMm1KNLjn3
afwpAbCjhl08laSb98RytjCjSdtPxLq9ztGRgc2wFNrfle6r21stzk7pTELSSPpF
XGyf2jTislh1PhDQOLchpc7rNK6YIgImC0nJjW1NyrAv0AwTic9KWHsJ5FCQxzzE
odiALZvqFpUeH+0t1LpO8UF7eYWDlz1K7g89QG9Svv3u6navGkWCMMI48zysc8Y5
/eyVA64kQUUx/uhmyYKIwplCwaSdlVzx5Kir7tNdaxiIPv/dlYSD4yuG+U5m1JGr
K/1A1XXkqYyBb1P5mgcH69RmT/1tQbXwuCtBlMg3aP7vvKYfKsZSEBZwj+CLksqf
mSBRdFgUk0Vj3W1uRM6oxOd1Kq6U/OXXlUqXFIYDiDrCv1G021IY6QFnWOt1LqDH
2sNkWvVql/E2viGqj6k4k6VqC+oJNQ==
=o7FD
-----END PGP SIGNATURE-----
Attachment:
pgpT0c9o5hdKV.pgp
Description: PGP signature