[ubuntu/questing-proposed] mydumper 0.10.1-2ubuntu1 (Accepted)

Jeremy Bícha jbicha at ubuntu.com
Mon Sep 22 21:05:43 UTC 2025 

mydumper (0.10.1-2ubuntu1) questing; urgency=medium

  * Sync with Debian (LP: #2103906). Remaining change:
    - Disable 0003-ssl-mariadb-connector.patch to fix build in Ubuntu
      where MySQL is used by default instead of MariaDB

mydumper (0.10.1-2) unstable; urgency=medium

  [ Lee Garrett ]
  * Fix CVE-2025-30224 (Closes: #1102002):
    - The MySQL C client library (libmysqlclient) allows authenticated remote
      actors to read arbitrary files from client systems via a crafted server
      response to LOAD LOCAL INFILE query, leading to sensitive information
      disclosure when clients connect to untrusted MySQL servers without
      explicitly disabling the local infile capability. Mydumper had the local
      infile option enabled by default and does not have an option to disable
      it. This can lead to an unexpected arbitrary file read if the Mydumper
      tool connects to an untrusted server.
  * Add autopkgtest integration tests
  * Add debian/gbp.conf

  [ Otto Kekäläinen ]
  * Apply `wrap-and-sort -vast` to make tracking changes easier in git
  * Add myself as maintainer (Closes: #1109991)
  * Replace outdated PCRE3 with modern PCRE2 (Closes: #1000014)
  * Add patch to make current MyDumper version compile with pcre2
  * Remove patches that are missing from debian/patches/series
  * Enable Salsa CI using default template
  * Clean up changelog

Date: Mon, 22 Sep 2025 16:55:55 -0400
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/mydumper/0.10.1-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 22 Sep 2025 16:55:55 -0400
Source: mydumper
Built-For-Profiles: noudeb
Architecture: source
Version: 0.10.1-2ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Closes: 1000014 1102002 1109991
Launchpad-Bugs-Fixed: 2103906
Changes:
 mydumper (0.10.1-2ubuntu1) questing; urgency=medium
 .
   * Sync with Debian (LP: #2103906). Remaining change:
     - Disable 0003-ssl-mariadb-connector.patch to fix build in Ubuntu
       where MySQL is used by default instead of MariaDB
 .
 mydumper (0.10.1-2) unstable; urgency=medium
 .
   [ Lee Garrett ]
   * Fix CVE-2025-30224 (Closes: #1102002):
     - The MySQL C client library (libmysqlclient) allows authenticated remote
       actors to read arbitrary files from client systems via a crafted server
       response to LOAD LOCAL INFILE query, leading to sensitive information
       disclosure when clients connect to untrusted MySQL servers without
       explicitly disabling the local infile capability. Mydumper had the local
       infile option enabled by default and does not have an option to disable
       it. This can lead to an unexpected arbitrary file read if the Mydumper
       tool connects to an untrusted server.
   * Add autopkgtest integration tests
   * Add debian/gbp.conf
 .
   [ Otto Kekäläinen ]
   * Apply `wrap-and-sort -vast` to make tracking changes easier in git
   * Add myself as maintainer (Closes: #1109991)
   * Replace outdated PCRE3 with modern PCRE2 (Closes: #1000014)
   * Add patch to make current MyDumper version compile with pcre2
   * Remove patches that are missing from debian/patches/series
   * Enable Salsa CI using default template
   * Clean up changelog
Checksums-Sha1:
 84271c1f1e439b4173983d2aa1d138c78e642f7b 2185 mydumper_0.10.1-2ubuntu1.dsc
 48e476b2fef8e74f1472049b762e50c72d35e6f5 63967 mydumper_0.10.1.orig.tar.gz
 53541c0751e4ee22567962e57a7b59441996580a 10768 mydumper_0.10.1-2ubuntu1.debian.tar.xz
 404fc7509a44e7e704cd88bdf6f56ca65dda6447 8718 mydumper_0.10.1-2ubuntu1_source.buildinfo
Checksums-Sha256:
 33bf8ac37d42a86a0f41c90cb6eaebe61d98c8ca4f40f457c9147ecfc03f41b8 2185 mydumper_0.10.1-2ubuntu1.dsc
 66b64f0c9410143ab4a32794f58769965495ac0385882b239f2c928281c1e798 63967 mydumper_0.10.1.orig.tar.gz
 3a9a4127e5acbecdefc35c8a2f6254638e71993264cba6d316fcb8d109037f6a 10768 mydumper_0.10.1-2ubuntu1.debian.tar.xz
 2f47fbc6977c449ed1f83995a54cf9e900247f8d20f70d20c6408ee34a613576 8718 mydumper_0.10.1-2ubuntu1_source.buildinfo
Files:
 85a1ea5062975889be1a7ac2c74903bf 2185 database extra mydumper_0.10.1-2ubuntu1.dsc
 d0c066acd5b07e5cd042a5ee1e216836 63967 database extra mydumper_0.10.1.orig.tar.gz
 fcb097bc5fa1b9efcee940527b6faa31 10768 database extra mydumper_0.10.1-2ubuntu1.debian.tar.xz
 bf171e7021f275eb165a14390d090d91 8718 database extra mydumper_0.10.1-2ubuntu1_source.buildinfo
Original-Maintainer: Otto Kekäläinen <otto at debian.org>

More information about the Questing-changes mailing list