-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 Aug 2025 19:22:47 +0200
Source: unbound
Architecture: source
Version: 1.13.1-1+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: unbound packagers <unbound@packages.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1109427
Changes:
 unbound (1.13.1-1+deb11u5) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets. Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information. This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Backport upstream's follow-up changes for CVE-2024-43168 and
     CVE-2024-43167.
   * DEP-8: Add `Depends: netcat-openbsd, xxd` to avoid skipping tests.