This bug was fixed in the package mydumper - 0.10.1-2ubuntu1
---------------
mydumper (0.10.1-2ubuntu1) questing; urgency=medium

  * Sync with Debian (LP: #2103906). Remaining change:
    - Disable 0003-ssl-mariadb-connector.patch to fix build in Ubuntu
      where MySQL is used by default instead of MariaDB

mydumper (0.10.1-2) unstable; urgency=medium

  [ Lee Garrett ]
  * Fix CVE-2025-30224 (Closes: #1102002):
    - The MySQL C client library (libmysqlclient) allows authenticated remote
      actors to read arbitrary files from client systems via a crafted server
      response to LOAD LOCAL INFILE query, leading to sensitive information
      disclosure when clients connect to untrusted MySQL servers without
      explicitly disabling the local infile capability. Mydumper had the local
      infile option enabled by default and does not have an option to disable
      it. This can lead to an unexpected arbitrary file read if the Mydumper
      tool connects to an untrusted server.
  * Add autopkgtest integration tests
  * Add debian/gbp.conf

  [ Otto Kekäläinen ]
  * Apply `wrap-and-sort -vast` to make tracking changes easier in git
  * Add myself as maintainer (Closes: #1109991)
  * Replace outdated PCRE3 with modern PCRE2 (Closes: #1000014)
  * Add patch to make current MyDumper version compile with pcre2
  * Remove patches that are missing from debian/patches/series
  * Enable Salsa CI using default template
  * Clean up changelog

 -- Jeremy Bícha <[email protected]> Mon, 22 Sep 2025 16:55:55 -0400
** Changed in: mydumper (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-30224
https://bugs.launchpad.net/bugs/2103906
Title:
Please remove mydumper from Ubuntu