-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 May 2025 22:11:53 +0200 Source: mydumper Binary: mydumper mydumper-dbgsym Architecture: s390x Version: 0.10.1-1+deb12u2 Distribution: bookworm Urgency: medium Maintainer: s390x Build Daemon (zani) Changed-By: Lee Garrett Description: mydumper - High-performance MySQL backup tool Changes: mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2025-30224: - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf Checksums-Sha1: 27415d62589fd91b09fc6f21d0ba8004d8575dad 117036 mydumper-dbgsym_0.10.1-1+deb12u2_s390x.deb c6c5420dc52b9bc60a79f71bb6c1eccd88d8e8cb 9555 mydumper_0.10.1-1+deb12u2_s390x-buildd.buildinfo 42f231b86287429266fc782a5a5d5ba08eb988ab 42288 mydumper_0.10.1-1+deb12u2_s390x.deb Checksums-Sha256: a66e138b11cbe72ece9ad7032bdccb471b272747c72febf3cc4d964a9e82a92e 117036 mydumper-dbgsym_0.10.1-1+deb12u2_s390x.deb 11db0ea3de81ca01a9526f8b074fbf386aec4fb1df47557638413d11cfcf3e3b 9555 mydumper_0.10.1-1+deb12u2_s390x-buildd.buildinfo d9b53c72e05436eefc5aba8c448f28d3722a123f708c67bcefd4f06d36135fad 42288 mydumper_0.10.1-1+deb12u2_s390x.deb Files: 867afc6f46894aaec8967a86d21f3cee 117036 debug optional mydumper-dbgsym_0.10.1-1+deb12u2_s390x.deb 6af827ab74a82ff2fbc1e80b9439a997 9555 database extra mydumper_0.10.1-1+deb12u2_s390x-buildd.buildinfo 0f69b625a3ef1c2910690c52256ffe5f 42288 database extra mydumper_0.10.1-1+deb12u2_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmjB544ACgkQkaCrxAR3 BY0nZA//R3hAd1qQ6+wM8ZJhz4Nb1jahyoU/ivsq2M0jwv6nJRnkOEV/R93gJZcs S8sHS16OxNhBUwm/ax5w060EsCFkn3u2oOmJLVuxoffKWlIsaXjEoQDbLUOWz+jd Pu9zLTjYkAHBmyGQmAZiWdE35W4rNWAblGkEZP9ZlHNLbKAVpG0f/QnoBQJMFDYh QcsWVq/g+ZMjjYHXMeRnircre2xlvMB4JnM2WhGDYGF7xYmON/9sYty+Mo3dAcOu uRPgtawMh+3xrktiWamDQvmVl5eXQ38k4AnSxVeFmIj33EN90oyogCBTQsSGPL+Z jltzuXq75Vi6DDiQDsGyK5ohSRB7/dCCfXBhftv5E/bJLsK9YfDjlTgNyQO0mcyw +hVM7MiAPhk1ahj/cwBdTw27M3zRAUiJlN5Eybz1SnfdZqDpf0tg4GcVMYwUnwk5 4u7015Y8Kv7T1CKmiYGp/QmZdbEkr4Byufudz1LRBlgsb6V8gpnXURV7MvHA3QT+ RLtm/KJb7AT8iBwjr2MLfVQvZVyalcmrAXJLptF+vzinWdrhyTU1aHhnPOQGj8LU nHfFeChbkoB2XXWGoKm+0hpdWmv7vc4aTpA2fhY7vxd5Mnnc+LIbW+SwYTf9YSPf 3Yf2slSCorO6l+JYRLSaF/XUnC/BY2TFpSM+jaOrRtR5AVIXJAI= =qOkS -----END PGP SIGNATURE-----