Bug#1033993: bullseye-pu: package unbound/1.13.1-1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1033993: bullseye-pu: package unbound/1.13.1-1
From: Markus Koschany <apo@debian.org>
Date: Wed, 05 Apr 2023 23:51:36 +0200
Message-id: <[🔎] 168073149617.213391.6234029380645325109.reportbug@faye>
Reply-to: Markus Koschany <apo@debian.org>, 1033993@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: apo@debian.org

Hello,

I would like to update unbound in Bullseye and fix three no-dsa CVE,
namely CVE-2022-3204, CVE-2022-30698 and CVE-2022-30699. The same
patches have been successfully applied to older distributions and I
want to make sure these CVE are fixed in Bullseye too.

[ Impact ]

Bullseye would still be vulnerable.

[ Tests ]

I have tested unbound myself on all current Debian releases and found
no issues.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]

Applied two patches to address the CVE.

Reply to:

Follow-Ups:
- Bug#1033993: bullseye-pu: package unbound/1.13.1-1
  - From: Markus Koschany <apo@debian.org>
- Bug#1033993: unbound 1.13.1-1+deb11u1 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>
- Bug#1033993: marked as done (bullseye-pu: package unbound/1.13.1-1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Streamlining d-i releases
Next by Date: Bug#1033993: bullseye-pu: package unbound/1.13.1-1
Previous by thread: Re: Streamlining d-i releases
Next by thread: Bug#1033993: bullseye-pu: package unbound/1.13.1-1
Index(es):
- Date
- Thread