-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 08 Sep 2025 13:01:35 -0700 Source: mydumper Architecture: source Version: 0.10.1-2 Distribution: unstable Urgency: medium Maintainer: Otto Kekäläinen <otto@debian.org> Changed-By: Otto Kekäläinen <otto@debian.org> Closes: 1000014 1102002 1109991 Changes: mydumper (0.10.1-2) unstable; urgency=medium . [ Lee Garrett ] * Fix CVE-2025-30224 (Closes: #1102002): - The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper had the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. * Add autopkgtest integration tests * Add debian/gbp.conf . [ Otto Kekäläinen ] * Apply `wrap-and-sort -vast` to make tracking changes easier in git * Add myself as maintainer (Closes: #1109991) * Replace outdated PCRE3 with modern PCRE2 (Closes: #1000014) * Add patch to make current MyDumper version compile with pcre2 * Remove patches that are missing from debian/patches/series * Enable Salsa CI using default template * Clean up changelog Checksums-Sha1: c64a559bc7d93bbb62e7118404d9ce2e5784c383 2078 mydumper_0.10.1-2.dsc 30aff2aac1986451bcb12fe60bdb3143d2d8f8c6 10564 mydumper_0.10.1-2.debian.tar.xz 68ebfa6c5eba355ca0823335cac4df503923363c 8837 mydumper_0.10.1-2_source.buildinfo Checksums-Sha256: f4e8cce588589f7eaf5122bdf8910c610220955bff1c3ddd794a79034cff390b 2078 mydumper_0.10.1-2.dsc 08e2d8ced434a6a9b91327e557458db8b0be62de5ef88966788e71f8dd1428ae 10564 mydumper_0.10.1-2.debian.tar.xz 809ffb6bd4c1e9a36d54251d72ac1f0094c32a7e9fc9475ed43efe228a50fff1 8837 mydumper_0.10.1-2_source.buildinfo Files: ca7e951a367e3e7e0710feaf46ee7af5 2078 database extra mydumper_0.10.1-2.dsc 9c5535fd575d082a88b086f5eb059a39 10564 database extra mydumper_0.10.1-2.debian.tar.xz e37c6c68bbc701e933f4272107418bc5 8837 database extra mydumper_0.10.1-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmbRSsR88dMO0U+RvvthEn87o2ogFAmi/OMYACgkQvthEn87o 2oixHBAAhcFD7soD4dsm4BLWHwZtc8q9eG+kDgsTjJGzJdKj4AyntiB09H0axWdF vmCMUz9ZkF1rPX0zzKSCsDbYlx9590rzP7lJcD/fAFmMpTi1YCbUVYj+sHr2L+tz 5BGrFrWuqmoK0hvcewuZe4NVH9YP9DcuRlKENOs9kHg6Hqmnf37cTk7kHtz1/Uds eqVSuvTAPOfSHGzdqBuwUP45/RTAD1TD4a9RgZjPzwWfP5KUjBkH8ji1IwGCFAOh 0euvV8xFZ3/dPar4vEsakXMGSFU8Tl/Fecq+8lw/UG9FAA6kOpYpQ1AtXT5ztM7E BvCSJnuuegGjusvOuxgJ86bwAW9DChIEH7zkBhLCGNVRi8b1CPthyTelFMJy62mW kd5wcGJO1ip0QutBM+jGuUhqubHX36GO7Zpa5qn8J9HYYxLyCe+WiJlFMPAkgKON WgRxI6xK5PvW+X+myc54GcX9Vs6Xz2pUQep1/3/OXhJYfygiYXjc8WFVeH00zuyi DKLzwyuXI4cm3VAUetM+eoPUxeObPTE4vR+amhR2Y7qK33VWuI4R4xVGP1Egu0Jq UyfPh/weDX3ftJaD5vckO8uphhdwPnd0NHIBCTNHjYU627vH/Rjtig2LOJ4DwqtH 6RPHNM/RHBhFLwQEFlLAIrKe8I2JPGdsbKZuHQnrXKCbaykTiMQ= =c/k2 -----END PGP SIGNATURE-----