-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Aug 2025 18:37:35 +0200
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: armel
Version: 1.17.1-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-02) <buildd_arm64-arm-ubc-02@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1078647 1083282 1109427
Changes:
 unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets. (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets.  Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information.  This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.
Checksums-Sha1:
 38903dad574ca65821db2972bbfc943dc7d65235 583196 libunbound-dev_1.17.1-2+deb12u3_armel.deb
 5fca1ea92acefdddb597601135e72efd8cb6f973 1210776 libunbound8-dbgsym_1.17.1-2+deb12u3_armel.deb
 b4a450c9da75f0f2dc0decff0bf10b1be6324017 486740 libunbound8_1.17.1-2+deb12u3_armel.deb
 9c847326fac0e0f01bea11ef5ba0e205b8f3bb28 185156 python3-unbound-dbgsym_1.17.1-2+deb12u3_armel.deb
 f82d55c23c0a666d3db5eebf2c04b2908dfe4ef4 198812 python3-unbound_1.17.1-2+deb12u3_armel.deb
 7c8067b0fad96ed448e03f0226c380949ff807b4 59664 unbound-anchor-dbgsym_1.17.1-2+deb12u3_armel.deb
 751d8a4e6000a7cd1e1ab3608e985fe0092bf3db 178392 unbound-anchor_1.17.1-2+deb12u3_armel.deb
 9fdbb4aefb5f4f072efcccf73b2e23d397d6856f 4443552 unbound-dbgsym_1.17.1-2+deb12u3_armel.deb
 8e9c2dff447d806f506f986feded64846f629746 129772 unbound-host-dbgsym_1.17.1-2+deb12u3_armel.deb
 7918bde3447ea6946b932f856b8a798b557d618d 195128 unbound-host_1.17.1-2+deb12u3_armel.deb
 9aab3d8786d0040ac5bb485ab6d360532be26781 10742 unbound_1.17.1-2+deb12u3_armel-buildd.buildinfo
 ff94922c9cdb7d3648bb068b23614916e44bc7a1 812824 unbound_1.17.1-2+deb12u3_armel.deb
Checksums-Sha256:
 5c469ff08554cdaac01bf48deabdea063257eb1739b7f341a434c55b357bd643 583196 libunbound-dev_1.17.1-2+deb12u3_armel.deb
 42583de6bbbf08917143d030ec6967bdd28ae8eb7727c10905864f33eeb681bd 1210776 libunbound8-dbgsym_1.17.1-2+deb12u3_armel.deb
 601b43b6ca226232e93a2700b68436e5ee54a5de6710c0c9be3aff51428a4dd6 486740 libunbound8_1.17.1-2+deb12u3_armel.deb
 850e15736f2d9933e30251a55d5b206d8b3cc7f58730898d14d8082a4795f96a 185156 python3-unbound-dbgsym_1.17.1-2+deb12u3_armel.deb
 44c58b76e5fb7e55676e52602592e4f0fbff9d42ee593edf85350294da18ade6 198812 python3-unbound_1.17.1-2+deb12u3_armel.deb
 0f87be1b769ec84777be452e8c2e14db48bb544f037439856ff23c0a467a53e9 59664 unbound-anchor-dbgsym_1.17.1-2+deb12u3_armel.deb
 9f5656f279335ff2f7a25f2b1dd10cd0317073ccb98768c80d4b109297163562 178392 unbound-anchor_1.17.1-2+deb12u3_armel.deb
 bc81c044e5e08798aa44c793bc43a497eb65e110d689c67c2ecbe1e0ad7d7062 4443552 unbound-dbgsym_1.17.1-2+deb12u3_armel.deb
 61cebbcf39c796986cd4ac3ed5896bb97212507e5cfa31d40ed70a2cbcf25342 129772 unbound-host-dbgsym_1.17.1-2+deb12u3_armel.deb
 3c7f4dcdb52cebeb94080e78dfa5102e44c71a5f43b1b96d21303777ad4eff26 195128 unbound-host_1.17.1-2+deb12u3_armel.deb
 720d78b278593f30852906035ae59989827042fa769dcfd1cdd144237f8d981f 10742 unbound_1.17.1-2+deb12u3_armel-buildd.buildinfo
 6c59a432ee652814fc822f2e87117b444616641752a27fe987ee36a8dff16a1d 812824 unbound_1.17.1-2+deb12u3_armel.deb
Files:
 c6b1df77cb7bd1c620fbd3eb072db0da 583196 libdevel optional libunbound-dev_1.17.1-2+deb12u3_armel.deb
 3c1800f427236ff22da5e0e3c85a924c 1210776 debug optional libunbound8-dbgsym_1.17.1-2+deb12u3_armel.deb
 a5bddafe13fb0959461f436a51bffe3c 486740 libs optional libunbound8_1.17.1-2+deb12u3_armel.deb
 be0aa624df28f20106e5de3a6cb1e73a 185156 debug optional python3-unbound-dbgsym_1.17.1-2+deb12u3_armel.deb
 8f52f1f00bfac24e50ac3ad37b6d6d25 198812 python optional python3-unbound_1.17.1-2+deb12u3_armel.deb
 f9619921d3300273f93761d0c07882e1 59664 debug optional unbound-anchor-dbgsym_1.17.1-2+deb12u3_armel.deb
 f67e911fb152bda578ab9aca20b00792 178392 net optional unbound-anchor_1.17.1-2+deb12u3_armel.deb
 a77bb68279e12a27199bfad68e75f70e 4443552 debug optional unbound-dbgsym_1.17.1-2+deb12u3_armel.deb
 5496f2996c06626cf487c2c169f02f6f 129772 debug optional unbound-host-dbgsym_1.17.1-2+deb12u3_armel.deb
 81f6fae79c71622015c17f1f57250e02 195128 net optional unbound-host_1.17.1-2+deb12u3_armel.deb
 bcc58abd00c1351b49391aa9497edfeb 10742 net optional unbound_1.17.1-2+deb12u3_armel-buildd.buildinfo
 59547e6b04c046b212305cdb8dc95024 812824 net optional unbound_1.17.1-2+deb12u3_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbIns2iWsAAdAqh2MS/ZIXkV8oLAFAmis49sACgkQS/ZIXkV8
oLAbfg/7BLjX4gW+8uFjMBVF3jML3OeCZ1RYrQ8k82cZIWUz9UVlFVLY3brrlzH4
Cf8Xk9tUMY2DrjYyNC9rCqKlglXICEl82JEu7ma/SqRKmXcwX5ruNxyAZRHjGUAp
QjB3oOfadEf/gYoGQipmtqlM+JL5F4mS15uvrOiBW9eU5pbTLi+MgE/bY5Te2Czn
IoRnLnFjcXqPqVXTRHF+AH9tpYj68d1YTj61XgJZqdfgQIO9CEU9gLdH7p4byIgK
6jWQLyi4runzrPVA+/S5w5gyG6QeV/qKUm0TT/2t2daieyAFWMGzGcIVaFQ15X2k
8UEAxjt20ou6zk8gNhhgcILTHE5ZUweT9pH8ifOTb3Fzi6dzOzhFTh9hBMk15DSy
HpHEHyQPikcfNoVZHrWyU81InaNwYchSh7IszHq0pjYEeP6Dci83RNoBD1E56vgk
xk+nCAaXtEgjJ7T5yiS0VrRu3+aNhF57Fq4FSp10e84XtPEE3L1nKLTzHRNb+reb
I5KnRSjOlpWZunYA6TTQhaMRNFhdJX0A5Q4q2pkYxsZMr4BHeH1oj3Po4Y2gC8Z+
sFZVpKgo92qZSg50M3PT4AQXpxn2ytNGmvkuyHK+RsBPbxTvMyIuYBidrvvSZEyX
wboSUJboH2ctzXeA1f+eIPbPFu+woc5AV/fjo1FSA835B0Jp0kY=
=BDpS
-----END PGP SIGNATURE-----