-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 May 2025 22:11:53 +0200 Source: mydumper Binary: mydumper-doc Architecture: all Version: 0.10.1-1+deb12u2 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Lee Garrett Description: mydumper-doc - High-performance MySQL backup tool - documentation Changes: mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2025-30224: - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf Checksums-Sha1: 93fe4fb3c0599d07e3c70aebf79c2f200a26a927 26560 mydumper-doc_0.10.1-1+deb12u2_all.deb 3bd3834fe5183768f124478ce4f65b0ad0d4854d 9368 mydumper_0.10.1-1+deb12u2_all-buildd.buildinfo Checksums-Sha256: 056e69b9481dd5f7e6bfc68ba4485b07495fb01c0fe6dc1e6776bdcf0a3de462 26560 mydumper-doc_0.10.1-1+deb12u2_all.deb 7b66ace1762fa3c892e49297df6350bbdd35c9c8ff445fba60957338d1e234ff 9368 mydumper_0.10.1-1+deb12u2_all-buildd.buildinfo Files: 13ee0263d82210958b7af8e88faddf1d 26560 doc extra mydumper-doc_0.10.1-1+deb12u2_all.deb dbf91894e983ae254856849fef5bab59 9368 database extra mydumper_0.10.1-1+deb12u2_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEELusn8jY95Sf7obGlx30Wh8LXl/YFAmjB568ACgkQx30Wh8LX l/b8tBAA2AThvENY948p54sO+ULqa5A1v+XsRMH7b8WR4geyElFamfAAcxR4RsyI iScP2NBjNYPUw3oPBRkiM9hhTnSj+CR8PoUqsiI/GOzjyyJT+78AYL2ZlajiUsU5 8XZZvopypoasioPPDy4jrJ+1yIRm+FP1aPhFO11nQrMqaVBWjZXeZ3ffRSV63T5I 1sqD8hXNGZilN0+YeJPIvo02TNHpX9/z2aVsw27+lmXy7gZ08/lqSZ7u37GB5SrO TewqZQFhORHNM6KHsJZZOn/Zde8/zSJNyngUF1bnlPWE/IMcMgu0nCRPPo6olXy+ LKeGMwt6IVxj9iF187XkMYw7SMxoobb6Asdpn2T99MCC5AVMgRdhmZkOwwzV0/rN /8xpurk5zq1feZCG3y66npkI52+4tmc6ehB+My/Tp9X6XHqMEmmiV6jBXpg3cPux j8TnfShbWDK5ZBTjhTEvkdxzBQbA/vY3AUWiAVPWYt2iAC0xDsf2vcN6KdoBQvyB qNdEQ+92OgG/85A2W3QC3GkRy0PPqzZPfa8f1o0+pTQfsW7ULeb5M94veuhFCzvQ mxtmkozxMFk1ENu3p36UT9n44nRaJ+4DpmWD6TaLhy+4NX/de5IhQYRzu4PhnGyY 6UKCO78aiGTME4skc9gG+bJeCpevniM5FC7o/SBZdOk5bjZpPSU= =JABv -----END PGP SIGNATURE-----