Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted mydumper 0.10.1-2 (source) into unstable
Date: Tue, 09 Sep 2025 03:38:38 +0000
Signed by: Otto Kekäläinen <otto@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Sep 2025 13:01:35 -0700
Source: mydumper
Architecture: source
Version: 0.10.1-2
Distribution: unstable
Urgency: medium
Maintainer: Otto Kekäläinen <otto@debian.org>
Changed-By: Otto Kekäläinen <otto@debian.org>
Closes: 1000014 1102002 1109991
Changes:
 mydumper (0.10.1-2) unstable; urgency=medium
 .
   [ Lee Garrett ]
   * Fix CVE-2025-30224 (Closes: #1102002):
     - The MySQL C client library (libmysqlclient) allows authenticated remote
       actors to read arbitrary files from client systems via a crafted server
       response to LOAD LOCAL INFILE query, leading to sensitive information
       disclosure when clients connect to untrusted MySQL servers without
       explicitly disabling the local infile capability. Mydumper had the local
       infile option enabled by default and does not have an option to disable
       it. This can lead to an unexpected arbitrary file read if the Mydumper
       tool connects to an untrusted server.
   * Add autopkgtest integration tests
   * Add debian/gbp.conf
 .
   [ Otto Kekäläinen ]
   * Apply `wrap-and-sort -vast` to make tracking changes easier in git
   * Add myself as maintainer (Closes: #1109991)
   * Replace outdated PCRE3 with modern PCRE2 (Closes: #1000014)
   * Add patch to make current MyDumper version compile with pcre2
   * Remove patches that are missing from debian/patches/series
   * Enable Salsa CI using default template
   * Clean up changelog
Checksums-Sha1:
 c64a559bc7d93bbb62e7118404d9ce2e5784c383 2078 mydumper_0.10.1-2.dsc
 30aff2aac1986451bcb12fe60bdb3143d2d8f8c6 10564 mydumper_0.10.1-2.debian.tar.xz
 68ebfa6c5eba355ca0823335cac4df503923363c 8837 mydumper_0.10.1-2_source.buildinfo
Checksums-Sha256:
 f4e8cce588589f7eaf5122bdf8910c610220955bff1c3ddd794a79034cff390b 2078 mydumper_0.10.1-2.dsc
 08e2d8ced434a6a9b91327e557458db8b0be62de5ef88966788e71f8dd1428ae 10564 mydumper_0.10.1-2.debian.tar.xz
 809ffb6bd4c1e9a36d54251d72ac1f0094c32a7e9fc9475ed43efe228a50fff1 8837 mydumper_0.10.1-2_source.buildinfo
Files:
 ca7e951a367e3e7e0710feaf46ee7af5 2078 database extra mydumper_0.10.1-2.dsc
 9c5535fd575d082a88b086f5eb059a39 10564 database extra mydumper_0.10.1-2.debian.tar.xz
 e37c6c68bbc701e933f4272107418bc5 8837 database extra mydumper_0.10.1-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmbRSsR88dMO0U+RvvthEn87o2ogFAmi/OMYACgkQvthEn87o
2oixHBAAhcFD7soD4dsm4BLWHwZtc8q9eG+kDgsTjJGzJdKj4AyntiB09H0axWdF
vmCMUz9ZkF1rPX0zzKSCsDbYlx9590rzP7lJcD/fAFmMpTi1YCbUVYj+sHr2L+tz
5BGrFrWuqmoK0hvcewuZe4NVH9YP9DcuRlKENOs9kHg6Hqmnf37cTk7kHtz1/Uds
eqVSuvTAPOfSHGzdqBuwUP45/RTAD1TD4a9RgZjPzwWfP5KUjBkH8ji1IwGCFAOh
0euvV8xFZ3/dPar4vEsakXMGSFU8Tl/Fecq+8lw/UG9FAA6kOpYpQ1AtXT5ztM7E
BvCSJnuuegGjusvOuxgJ86bwAW9DChIEH7zkBhLCGNVRi8b1CPthyTelFMJy62mW
kd5wcGJO1ip0QutBM+jGuUhqubHX36GO7Zpa5qn8J9HYYxLyCe+WiJlFMPAkgKON
WgRxI6xK5PvW+X+myc54GcX9Vs6Xz2pUQep1/3/OXhJYfygiYXjc8WFVeH00zuyi
DKLzwyuXI4cm3VAUetM+eoPUxeObPTE4vR+amhR2Y7qK33VWuI4R4xVGP1Egu0Jq
UyfPh/weDX3ftJaD5vckO8uphhdwPnd0NHIBCTNHjYU627vH/Rjtig2LOJ4DwqtH
6RPHNM/RHBhFLwQEFlLAIrKe8I2JPGdsbKZuHQnrXKCbaykTiMQ=
=c/k2
-----END PGP SIGNATURE-----
News for package mydumper
