-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 May 2025 21:07:17 +0200 Source: mydumper Architecture: source Version: 0.10.1-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Mateusz Kijowski Changed-By: Lee Garrett Changes: mydumper (0.10.1-1+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2025-30224: - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf Checksums-Sha1: 2bdbadcdecdb3d815fc0fd1e644640dc47ff2ac8 2812 mydumper_0.10.1-1+deb12u1.dsc 23565b6860f2fe19d7b478895d18a71d03d61838 9008 mydumper_0.10.1-1+deb12u1.debian.tar.xz a571e44da6b3a8e0a36c934dea5a334cb3a49903 10901 mydumper_0.10.1-1+deb12u1_amd64.buildinfo Checksums-Sha256: dd9e0cd16bd460a46ad13e49c5e88b52cd2f2dd9fdba70cbd53b934801513e38 2812 mydumper_0.10.1-1+deb12u1.dsc 957628060a3df6c7c814933bdb372fdc319fa7c4d2093bc8093181a0c45bfc98 9008 mydumper_0.10.1-1+deb12u1.debian.tar.xz a187d4882ba9100db6d471bcd422c107dc72c9db55cd74960ecf7bb3b66872c9 10901 mydumper_0.10.1-1+deb12u1_amd64.buildinfo Files: 7b2adf759cb5d4123f9b44c633c10148 2812 database extra mydumper_0.10.1-1+deb12u1.dsc 49e5a4972cc0e93c2b6dd2331886a2e4 9008 database extra mydumper_0.10.1-1+deb12u1.debian.tar.xz 3638c4d5a249fa183619e240553dfd90 10901 database extra mydumper_0.10.1-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg4ssgACgkQ1gShxII+ 4PgOIB//buryjCenWthb1xgRMpUcuPYXsXEoArUYi68ZgaTkrimHSmltJwo1XMaG O5dexdeWtgxzUI9iFsBlm/8iQAmAQH5AebIgmQYxwGWAtjzkEqMxWMAj/prLBa7i P99Prj/RxkrkYbqSmWDuECp46ouyXSZ6spZ0iyS+vSJK2BEAKUErkJuvZ2nE7voO rb+1P0IZImABhtHP0DoClhsjd1OpdkLl8fPKoeALYXbZ3w4vAZQHV/gNIuktnKf+ viX4jfwiscXu9zToVlA0nG7MGNf4A1+vtej0ZQm0rMpAXg1nd/iG+MZgp39ETx6R P3cPmue+7wiRnfM3YLbt0cQIEYaKgIJ6Uy2IPtxxyV1RqFkpFPsiMv+Z6ehnaK7J k0rSld0TtIWRFO29Z9rjzdM5AobL12jxbwbdszFrdBHY5V5EDGFEnSbn/IOwJje3 5TZGzLHlDR7vZLIC6fJFbeakLkRS+iQzokxuD9bW16ATvLzitBvE9bAB83xqFuJl W7lHReZuzC5itdwSCS5zVOeb8ek9ro8g0bl5h5fQXiC/b7S47bc5vxsubI+pj2aL XTYBO5TXmtMFElzKhloVlbMN3awvqnXzky/cyQkCMsWp8gB6xNClw0s7Gyer9zWl q4Ax+BnRMIH61BcYfQ1DH/QgfcZ6bN7DSyp9nwn3pBsrOXgEjwfdgMdvXg/q1TLy MXRtwwIriLM9MLrO8/tVs25onn/LkiZhHs7FNurdYyn5fyX7joUnXHQHqpPKOOoI 6fPpGZD1jxUHZTn/C8JTQj4MZvokSCNU1jAaQSOH8/gj0R6rv5nM9IjGvnG3z5Si ak7+0Y0T8QAXtMOVCgRZR0hkOU5AIORqDIaAiecuUVr1wjsI0h2QqLNo3juQxNt0 V+9RPxxREdCXnRi2A96kgA3uD0+6K6NJrUJcgG0B9yugY1v7fE0JEoEVgQ+7iHK8 Hdnw+GBplJaia368S9Jwu+REv+H6QrX4xphXZBGHAgozDcRT5Xej/GVtx6MOpFQc YRHrSiig/SYaCLOYa9duRB1ZgNjAIVUivZhU0g4G4cFsb11DIEHxQ6DkOkXyrEgS n1bcLthLAizyQMAfMY/oY72BaXzK2XbqcT7yvwI/lk7zA/IPdKTXC+sRiNlArHAM EqauRy2oJJ7pWOLQ73ElY6FS9u5i+cYGmgSVFhVyidhjlBQ8JS93QhGh2HRhJoCP C05ud3GVlZ70HRfcAtJvF7MlYStOnihPJkDe09H7T7KGbVv8fOjTltUpT1EmZdTc gZ5cb7qVDYmPdXXjoBCDwH2Dj/PmgjSJHcDWQAx/Whf7V4ctLPlJ7+htAo+uTaEU ue4Q6JQlhes5n1iCFPX1GNCmtR1Hwg== =fiXq -----END PGP SIGNATURE-----