-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 May 2025 22:11:53 +0200 Source: mydumper Architecture: source Version: 0.10.1-1+deb12u2 Distribution: bookworm Urgency: medium Maintainer: Mateusz Kijowski Changed-By: Lee Garrett Changes: mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2025-30224: - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf Checksums-Sha1: d541c659bffac15214b83053cb1c7b65841cd4a9 2812 mydumper_0.10.1-1+deb12u2.dsc c2173321e4ede3363b8df30757bcc244e09aaa91 9012 mydumper_0.10.1-1+deb12u2.debian.tar.xz 112827249d813cc4ae50ad42ae2580e90ddd8d29 10901 mydumper_0.10.1-1+deb12u2_amd64.buildinfo Checksums-Sha256: 8567bca8b16e69e49ba941da31e0561b716cf1d2c2cf6bab4ad8ec24ceb2aca5 2812 mydumper_0.10.1-1+deb12u2.dsc b7333a68b9ceaad80995071f9be20083a34ffd3263804e93e9d2eb036d96cdc4 9012 mydumper_0.10.1-1+deb12u2.debian.tar.xz 9c7fc8daf206d1717afad9ee4145e22d092bc918de7ad6ac01a5fe7fe8e53807 10901 mydumper_0.10.1-1+deb12u2_amd64.buildinfo Files: ea64e3ad8126d026a8a8b45495b9ea33 2812 database extra mydumper_0.10.1-1+deb12u2.dsc bcfc5af535344d07bcdede584b26c25c 9012 database extra mydumper_0.10.1-1+deb12u2.debian.tar.xz 470b941cff5948fb72a0d0aa747345f0 10901 database extra mydumper_0.10.1-1+deb12u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg4v+AACgkQ1gShxII+ 4PjAZR//XQBf6bTqVV7uRTPPBJKhfOkhecvdjphgQ63suS6OWkjtBVd26wVHo5rz BqJfmtBtiOe5dJ6Bkhdj7QQIEyDTxNu7Z1aJKzeHd5F/oFpucjY03//BLOmBlcIF is0Wl2JE6ga4U5tmQ22ZbxsaWQ4qqqaRqK6NP2Pwj0S+Ug/3Fv3WR8kocj20KjCn k97oPw5QStIPXTTjVpHvRVqyPUooL/WGIhJ6yTwVEs6qxfiPvGHeNPoc3JeNSNAB lnieyDBLHfPHjRHwaLLaFQaUlJEH3/E/csR4zf4KDrqkuTbDPyqhfRnOYx7/SW71 OfVyP4FgMDqmov8J22yLEWBv0d8ACb4Pi6oKVyN80/0xi7CDHcyYQc3cbiFQVtyw QQoyy4nScEvUxO2z1MadVdWSs/MGA5MxPxdUIqAszAarBlbs1JPJKqnn1J+3Whh5 qCQMCro9gz2BKugLE1Q8e8SpTD4qXMnEuKvRuBPw+eTHZVZXuN/xp7rtoquuF8uz YOquMvU5jAiROujxkf9BNqsPOq9ave1QN81hp8u+CgIlrwYnAbJugq2fo4nTSvV3 Lj9sLb0VDsmTu+aWbfg7X8hfzUJ/Z6DurEkUbLs8p8qx26wHuM3ANT1uk1xvhznO 5n0DsCccgtMWwAh0s4oCLKxK+Dl7yG4vW+rS04dGJ3vMFMQ/fBG41PERBPHWgmfJ aaCEciHXMVhwOgqraUG9eDowZSda9xFA4/Jfkac2urvh5wn0UH5mAceMuPJPoA9x eLtT9E03ZJCWBn6OABL2d8NIowgkX3Dvs+DSdF+erupa+jmOPCMJ/QGDmubl1ZR3 R6WZ1Go0sXYOZCTeEA/CLZ99HkSQqq0HLpK119MDV+1h2yM7U0tUlRc9Mc4sk/Ba DvPke+rQ6IfZ9tdmNaA51mbvVc/tiPG2WhV0I2RUOmU6Os4NcvRw7CNMm1KNLjn3 afwpAbCjhl08laSb98RytjCjSdtPxLq9ztGRgc2wFNrfle6r21stzk7pTELSSPpF XGyf2jTislh1PhDQOLchpc7rNK6YIgImC0nJjW1NyrAv0AwTic9KWHsJ5FCQxzzE odiALZvqFpUeH+0t1LpO8UF7eYWDlz1K7g89QG9Svv3u6navGkWCMMI48zysc8Y5 /eyVA64kQUUx/uhmyYKIwplCwaSdlVzx5Kir7tNdaxiIPv/dlYSD4yuG+U5m1JGr K/1A1XXkqYyBb1P5mgcH69RmT/1tQbXwuCtBlMg3aP7vvKYfKsZSEBZwj+CLksqf mSBRdFgUk0Vj3W1uRM6oxOd1Kq6U/OXXlUqXFIYDiDrCv1G021IY6QFnWOt1LqDH 2sNkWvVql/E2viGqj6k4k6VqC+oJNQ== =o7FD -----END PGP SIGNATURE-----