-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Aug 2025 18:37:35 +0200
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: armhf
Version: 1.17.1-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1078647 1083282 1109427
Changes:
 unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets. (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets.  Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information.  This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.
Checksums-Sha1:
 b71f631f010ea7afd0a60a943419ffbb822a0511 585960 libunbound-dev_1.17.1-2+deb12u3_armhf.deb
 c8798b1c9403dcd69c59757dea4c37a1be459e3f 1230224 libunbound8-dbgsym_1.17.1-2+deb12u3_armhf.deb
 e6ed4dabc8dacc651f93d3007e8bb7d7d02fb08c 491944 libunbound8_1.17.1-2+deb12u3_armhf.deb
 7319240eee9f6795bcfae7959321331e12337e6c 192872 python3-unbound-dbgsym_1.17.1-2+deb12u3_armhf.deb
 3a099efcceb4170a6dff7e41a7c97244f7c3de0d 199420 python3-unbound_1.17.1-2+deb12u3_armhf.deb
 6274ace448a809e880a19a219c76356b14b9082b 60564 unbound-anchor-dbgsym_1.17.1-2+deb12u3_armhf.deb
 591fc7b090c8fc0e3b6eaba1f74b7e495741ac38 178424 unbound-anchor_1.17.1-2+deb12u3_armhf.deb
 91f4231fa59828cae388aca39a7226c78dc59c42 4542192 unbound-dbgsym_1.17.1-2+deb12u3_armhf.deb
 00ef8012df3b96f11ab26b929aa1c5b46f769594 130448 unbound-host-dbgsym_1.17.1-2+deb12u3_armhf.deb
 943889efafb79126c7d2b88b08fdbc931b536e4e 193480 unbound-host_1.17.1-2+deb12u3_armhf.deb
 c9b5f2fa228e86c56793995481c8870978a7253a 10744 unbound_1.17.1-2+deb12u3_armhf-buildd.buildinfo
 a2cd6e45c1de27bd368e8a7ab54e328bd9350efd 834128 unbound_1.17.1-2+deb12u3_armhf.deb
Checksums-Sha256:
 7d99dde89169d8a7c835206a69c11b3763c8a11818a7fcd8ff60ae3e329476b8 585960 libunbound-dev_1.17.1-2+deb12u3_armhf.deb
 8dd56c685a2ae6245fba814aa5899b05c2b3a06a7713adbaabb02d4af4cdfaa6 1230224 libunbound8-dbgsym_1.17.1-2+deb12u3_armhf.deb
 989468c45dc956a0af7ec635acd442593092faf2f7df8d2e14b7881318a97b29 491944 libunbound8_1.17.1-2+deb12u3_armhf.deb
 7926295fc66bd067365af262dd36f77461179753c05ac26507da914f31d1f7a8 192872 python3-unbound-dbgsym_1.17.1-2+deb12u3_armhf.deb
 09811614951cecbbd1b58bd10403434bf70f86a9eaa6d1aa4e573e55a5a65add 199420 python3-unbound_1.17.1-2+deb12u3_armhf.deb
 94060b4fa567af36e318cf1a965cfc010afd9e393c489e711e31e200f04142a5 60564 unbound-anchor-dbgsym_1.17.1-2+deb12u3_armhf.deb
 91f698e32ed503270fd3295f6a1c83e71bb258279cd2a4235b63b705ca451732 178424 unbound-anchor_1.17.1-2+deb12u3_armhf.deb
 7282373149392612c6bbd731de9f7eb683e3aa72eb5fb334a431db0742d207ae 4542192 unbound-dbgsym_1.17.1-2+deb12u3_armhf.deb
 465401431011bf84ff8afc770200c4c32806edbedf4907a0a43b6712f1a22610 130448 unbound-host-dbgsym_1.17.1-2+deb12u3_armhf.deb
 d924f42d0cfc1dbbeec905751361dcd39499b066d01fc632295a8fe6dd016b16 193480 unbound-host_1.17.1-2+deb12u3_armhf.deb
 bfa96ec613396d44a0e057e11b688fada06d470b7fea00472d521cde15699c5f 10744 unbound_1.17.1-2+deb12u3_armhf-buildd.buildinfo
 10ed50d559a97ad472679a8748498a0f93890eb332950da16c9859a3118feeac 834128 unbound_1.17.1-2+deb12u3_armhf.deb
Files:
 edf5a7688057535a435134f8b0ac579e 585960 libdevel optional libunbound-dev_1.17.1-2+deb12u3_armhf.deb
 69bba5554a107f5d9a6aca75688855e8 1230224 debug optional libunbound8-dbgsym_1.17.1-2+deb12u3_armhf.deb
 f2c9386e93ef866624937a076259673b 491944 libs optional libunbound8_1.17.1-2+deb12u3_armhf.deb
 652d0bf77cb25fab413030cfbc0a423b 192872 debug optional python3-unbound-dbgsym_1.17.1-2+deb12u3_armhf.deb
 8cd9e68378a5a839891380d5a7bb9488 199420 python optional python3-unbound_1.17.1-2+deb12u3_armhf.deb
 898a2149120084b5e61d319983b10bf9 60564 debug optional unbound-anchor-dbgsym_1.17.1-2+deb12u3_armhf.deb
 f7be01b9aa7b167a04933a7bfb382737 178424 net optional unbound-anchor_1.17.1-2+deb12u3_armhf.deb
 123ab2ad5ea252ebe36c8d47758233fe 4542192 debug optional unbound-dbgsym_1.17.1-2+deb12u3_armhf.deb
 785816be4e6ff46c7212fd3fbaa115e6 130448 debug optional unbound-host-dbgsym_1.17.1-2+deb12u3_armhf.deb
 250ddb24a665aa0bf36079aada5a0239 193480 net optional unbound-host_1.17.1-2+deb12u3_armhf.deb
 553e17f8672a673ed9c92ddb0a0eef3f 10744 net optional unbound_1.17.1-2+deb12u3_armhf-buildd.buildinfo
 584ec4036e6bc8e393ad6dd09626bf7a 834128 net optional unbound_1.17.1-2+deb12u3_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEegRwmIwj8f99iF4m4CwlMGxHD8UFAmis4NgACgkQ4CwlMGxH
D8Xe+w//QUq/jn6YS6WmQ0aYn82+PpgjVC25u0TDnobb22aQbeIwNy6uEYloDu5n
SyvQ/4Z+C9NVyptuG/0F9tXHZVwpvO7Dp8hldn9RXqpAw+T9FAo+8IA54n+9vj08
AbVM+g3vWvOQOt2WMPesbJSQxLvvZMIgJLKtE0Yi6Vspi9O73wrfEOcwsPlY8HaR
ibQenX7HuwnoV4xd0dos82Xsltxg7OXWqUmb84kCQWg67xtRejr//XRBy9YModiN
ztuBBkZioLgGDqk7UDekGWoQn/idNYk/h0ySwZ/2eBsFDIVjhBaSR7JEbPYvMlgH
u2bG+Av5eKkciST+iM89wYYuh+TON9ErXVDhrNzXygEfDNNSdj8qvAXNDMr2rjFS
nR8FwwbZExil6rkNWprRTwd8dzDsWDgLGiL+tBIxxDH+JTT3TmBj5If5b3jMsBR/
H43g+MXNNGvhiXQqf0rgqWW7AklRmt53AbfIuL3G9SZZuar1xuHKn1pmyxOIDtqJ
glPXvGxJa81DDXgRBMMOiwRq2CHevkGQ2Lbm8PV7z3r2RX7/diFfLNWdBs5K909W
SbPh3LONnOR8ezNMIuRpbOaTLCtN7oebrWXBBVlpXKBna9xr5XQux/ReiQitGKtU
tqU+UcwZVRAKg6plATWLa6n9hbs0R3zrtI1MMV+5DYyggrXQDno=
=1452
-----END PGP SIGNATURE-----