-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 May 2025 21:23:56 +0200
Source: mydumper
Architecture: source
Version: 0.10.1-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Mateusz Kijowski <mateusz.kijowski@gmail.com>
Changed-By: Lee Garrett <debian@rocketjump.eu>
Changes:
mydumper (0.10.1-1+deb11u1) bullseye-security; urgency=medium
.
* Non-maintainer upload by the Debian LTS team.
* Fix CVE-2025-30224:
- The MySQL C client library (libmysqlclient) allows authenticated remote
actors to read arbitrary files from client systems via a crafted server
response to LOAD LOCAL INFILE query, leading to sensitive information
disclosure when clients connect to untrusted MySQL servers without
explicitly disabling the local infile capability. Mydumper had the local
infile option enabled by default and does not have an option to disable
it. This can lead to an unexpected arbitrary file read if the Mydumper
tool connects to an untrusted server.
* Add autopkgtest integration tests
* Add debian/gbp.conf
Checksums-Sha1:
e5205be575a2935c35aa2945b3afe3b3a7c73f90 2812 mydumper_0.10.1-1+deb11u1.dsc
48e476b2fef8e74f1472049b762e50c72d35e6f5 63967 mydumper_0.10.1.orig.tar.gz
75ca07dec6899db77ba5b27b67814e224eaa196e 9004 mydumper_0.10.1-1+deb11u1.debian.tar.xz
275d0893976d8f291ce7a896812c746089b833b2 8786 mydumper_0.10.1-1+deb11u1_source.buildinfo
Checksums-Sha256:
c20442d5ab10564f0da53a7cd027912128a8b739385b3126c8271c9aedde2bec 2812 mydumper_0.10.1-1+deb11u1.dsc
66b64f0c9410143ab4a32794f58769965495ac0385882b239f2c928281c1e798 63967 mydumper_0.10.1.orig.tar.gz
e9ea93b74c99666d944854c0d54169adf8a88747592a20966bd7e3070d46f0d2 9004 mydumper_0.10.1-1+deb11u1.debian.tar.xz
c8930cf64ca3b462e21e52e7791e0d2cd5d028125c7168eb9a591bca0707d145 8786 mydumper_0.10.1-1+deb11u1_source.buildinfo
Files:
13a459ed66ecc7ff7a712fefdd280092 2812 database extra mydumper_0.10.1-1+deb11u1.dsc
d0c066acd5b07e5cd042a5ee1e216836 63967 database extra mydumper_0.10.1.orig.tar.gz
c95edca3f4d503e7654894d75c94773e 9004 database extra mydumper_0.10.1-1+deb11u1.debian.tar.xz
d1c05f6ed561666316d430b6c4f96986 8786 database extra mydumper_0.10.1-1+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg4z6kACgkQ1gShxII+
4PgX+R//cfesj9W7ERV4Hx46YN9mK4wSw1mE6QTtLaRx4wr9J9123DYocDm7NkGL
G9aMCmKG3wTR/Tbp2l3KgWcx7vXe4T3sD3m9MUEPx/syNChsYAGrhKRFwoZ2Rz/v
W6F1+Dq4NDj2HfAcItM0C5QH4iEz9bLM6EZkV7DroHHka3jLqIBPUfgQ3+LQao7W
OGif/Qf7o7/vW1Ls5H4cdGDj8x3YPgOzcMrUflScfoZHt7gPqedOtoFALwj12jmp
2hqCohMHpkAFnt22BnvhKJXcJMeiz2PmVRjLY55FFKJrjKi1SNf6hpEGTSQqwv5M
g9vZuPqWgav4a3C15EsL3L27s1dR75H4V9XW2W4EPpePRiAoskAVWizjip7nbLvl
dnTlx8NkqgIKGnSiDxUWLG7J/ojeVOIQHIli+FB6DxNtHQFvdmYCtJydIx+ZKcBP
We15/O0OdcRl08aJHxEmIW3saDZJoce5775B9nLWrEdV5PhELuoFnigEgoGA1cX8
uLYQh4o7k6t5nYOg0e9uIJhp58OZQ5NBFyVy9NjxE5FOGIaFX7f7mjq2rN2i+M8y
sF6BC0u0FXEOduD0i1+0YseGZm5RW3NlP6cqKaeObi2Bx9IHYCUBjVcnvbQBr+5D
TfttbXNSeGTNCkKIXXkB6LW/QBHAkI6mRlVSvETfecG01erYu8G4fbK6MRMMwCOn
7mNgBYbcep8Zn/aIp+DD1vrGDqZzMD7KPnuF6TrNxBC3gAjFZ3BnNhX91Ju0VHkg
aoJ0yylqcee9TTWN5yvcM30DS6V0XxrVDiuQCYHMDoz8IGJYvp3etVWF57pFRraJ
MNlREntYVsxUOfGImviqwK0RUoonRTkAydQIbmoGPTc+y4qeQ64/qgjQ7hgVz0vX
IIw9KVURKJT0YM7s+72BfXmeMLq19F8YDa3NNo2NYoYhkGdKn/1gjubDTwrDVgPe
L7+y9xq5+kNee9Xy2LihJcLZlqCUR+kXBIEqzMM/4IbOMVnqx+hVFsFrD+Jigx0Y
hQ/I3aqZE4n2rWlWpsuG7+V+BXUrCtktkY9eEi08uBBqmEofp1PIoSYUuhyr6SCD
NdMSrqguEW3tdjyIhDf+yWhliZFZjL0CJI7y03WiHq/PUWL2dCXA4ufTc1x3/rwR
JbwJmc3iGCyEfshIXhFkGOTiZjyFAJaqPe9Jb87+Nn8RH0GAkw0Q/ZMdadiBjqmm
DpM0zGezNnVb8BRSddTqC7jC+vDrPGHGbzWAZvybsgI3M+KXMgNJImdxWIaEDONw
d9FvseR71LywN/EoH7WRdtECSYOAdLeIdTUqkWrJCOk2XTuaOd5+b7TQbrbeir85
XmRibgimE9EUdOPGPt8snePpvQiPUQ==
=e+Fe
-----END PGP SIGNATURE-----
Attachment:
pgp0MrYpyJMlk.pgp
Description: PGP signature