-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 May 2025 21:07:17 +0200
Source: mydumper
Architecture: source
Version: 0.10.1-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Mateusz Kijowski <mateusz.kijowski@gmail.com>
Changed-By: Lee Garrett <debian@rocketjump.eu>
Changes:
mydumper (0.10.1-1+deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload by the Debian LTS team.
* Fix CVE-2025-30224:
- The MySQL C client library (libmysqlclient) allows authenticated remote
actors to read arbitrary files from client systems via a crafted server
response to LOAD LOCAL INFILE query, leading to sensitive information
disclosure when clients connect to untrusted MySQL servers without
explicitly disabling the local infile capability. Mydumper had the local
infile option enabled by default and does not have an option to disable
it. This can lead to an unexpected arbitrary file read if the Mydumper
tool connects to an untrusted server.
* Add autopkgtest integration tests
* Add debian/gbp.conf
Checksums-Sha1:
2bdbadcdecdb3d815fc0fd1e644640dc47ff2ac8 2812 mydumper_0.10.1-1+deb12u1.dsc
23565b6860f2fe19d7b478895d18a71d03d61838 9008 mydumper_0.10.1-1+deb12u1.debian.tar.xz
a571e44da6b3a8e0a36c934dea5a334cb3a49903 10901 mydumper_0.10.1-1+deb12u1_amd64.buildinfo
Checksums-Sha256:
dd9e0cd16bd460a46ad13e49c5e88b52cd2f2dd9fdba70cbd53b934801513e38 2812 mydumper_0.10.1-1+deb12u1.dsc
957628060a3df6c7c814933bdb372fdc319fa7c4d2093bc8093181a0c45bfc98 9008 mydumper_0.10.1-1+deb12u1.debian.tar.xz
a187d4882ba9100db6d471bcd422c107dc72c9db55cd74960ecf7bb3b66872c9 10901 mydumper_0.10.1-1+deb12u1_amd64.buildinfo
Files:
7b2adf759cb5d4123f9b44c633c10148 2812 database extra mydumper_0.10.1-1+deb12u1.dsc
49e5a4972cc0e93c2b6dd2331886a2e4 9008 database extra mydumper_0.10.1-1+deb12u1.debian.tar.xz
3638c4d5a249fa183619e240553dfd90 10901 database extra mydumper_0.10.1-1+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg4ssgACgkQ1gShxII+
4PgOIB//buryjCenWthb1xgRMpUcuPYXsXEoArUYi68ZgaTkrimHSmltJwo1XMaG
O5dexdeWtgxzUI9iFsBlm/8iQAmAQH5AebIgmQYxwGWAtjzkEqMxWMAj/prLBa7i
P99Prj/RxkrkYbqSmWDuECp46ouyXSZ6spZ0iyS+vSJK2BEAKUErkJuvZ2nE7voO
rb+1P0IZImABhtHP0DoClhsjd1OpdkLl8fPKoeALYXbZ3w4vAZQHV/gNIuktnKf+
viX4jfwiscXu9zToVlA0nG7MGNf4A1+vtej0ZQm0rMpAXg1nd/iG+MZgp39ETx6R
P3cPmue+7wiRnfM3YLbt0cQIEYaKgIJ6Uy2IPtxxyV1RqFkpFPsiMv+Z6ehnaK7J
k0rSld0TtIWRFO29Z9rjzdM5AobL12jxbwbdszFrdBHY5V5EDGFEnSbn/IOwJje3
5TZGzLHlDR7vZLIC6fJFbeakLkRS+iQzokxuD9bW16ATvLzitBvE9bAB83xqFuJl
W7lHReZuzC5itdwSCS5zVOeb8ek9ro8g0bl5h5fQXiC/b7S47bc5vxsubI+pj2aL
XTYBO5TXmtMFElzKhloVlbMN3awvqnXzky/cyQkCMsWp8gB6xNClw0s7Gyer9zWl
q4Ax+BnRMIH61BcYfQ1DH/QgfcZ6bN7DSyp9nwn3pBsrOXgEjwfdgMdvXg/q1TLy
MXRtwwIriLM9MLrO8/tVs25onn/LkiZhHs7FNurdYyn5fyX7joUnXHQHqpPKOOoI
6fPpGZD1jxUHZTn/C8JTQj4MZvokSCNU1jAaQSOH8/gj0R6rv5nM9IjGvnG3z5Si
ak7+0Y0T8QAXtMOVCgRZR0hkOU5AIORqDIaAiecuUVr1wjsI0h2QqLNo3juQxNt0
V+9RPxxREdCXnRi2A96kgA3uD0+6K6NJrUJcgG0B9yugY1v7fE0JEoEVgQ+7iHK8
Hdnw+GBplJaia368S9Jwu+REv+H6QrX4xphXZBGHAgozDcRT5Xej/GVtx6MOpFQc
YRHrSiig/SYaCLOYa9duRB1ZgNjAIVUivZhU0g4G4cFsb11DIEHxQ6DkOkXyrEgS
n1bcLthLAizyQMAfMY/oY72BaXzK2XbqcT7yvwI/lk7zA/IPdKTXC+sRiNlArHAM
EqauRy2oJJ7pWOLQ73ElY6FS9u5i+cYGmgSVFhVyidhjlBQ8JS93QhGh2HRhJoCP
C05ud3GVlZ70HRfcAtJvF7MlYStOnihPJkDe09H7T7KGbVv8fOjTltUpT1EmZdTc
gZ5cb7qVDYmPdXXjoBCDwH2Dj/PmgjSJHcDWQAx/Whf7V4ctLPlJ7+htAo+uTaEU
ue4Q6JQlhes5n1iCFPX1GNCmtR1Hwg==
=fiXq
-----END PGP SIGNATURE-----
Attachment:
pgplP4sKydLvM.pgp
Description: PGP signature