Some follow-up on mydumper.

On Wed, Sep 03, 2025 at 05:06:55PM +0200, Lee Garrett wrote:
> On 26/09/2025 23:38, Adrian Bunk wrote:
> > mydumper:
> > No action after receiving instructions from SRM in May (#1106790).
>
> FWIW, I have fixed CVE-2025-30224 in the bookworm and the sid branch in May,
> and also pushed the changes to the packaging repo. I have uploaded +deb12u2
> back then and it's been waiting in bookworm-new since. Because the package
> in sid has bitrot and FTBFS, it can't be fixed without also bumping the
> upstream release and doing major packaging work.
>
> Since the maintainer of mydumper is also inactive on all the other packages
> they own, I have notified the MIA team in May and the ball is in their
> hands. mydumper is not in trixie or forky due to RC bugs. I've now filed a
> RoQA to remove it in unstable, and also pinged the bug so the upload gets
> sent to b-p-u. As such there's nothing left to do on our side.
>
It looks like Otto took over the package and uploaded to sid just yesterday (2025-09-09) and that his upload includes your CVE-2025-30224 fix. Otto also appears to have commented on #1106790 with a note about welcoming collaboration.

That part seems clear to me, and it is a good development that makes it seem like the package will receive active maintenance and attention.

Perhaps SRM will move soon to accept the package that is waiting in bookworm-new.

Regards,

-Roberto

-- 
Roberto C. Sánchez
