-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Aug 2025 18:37:35 +0200
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: mips64el
Version: 1.17.1-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-05) <buildd_mips64el-mipsel-osuosl-05@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1078647 1083282 1109427
Changes:
 unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets. (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets.  Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information.  This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.
Checksums-Sha1:
 e6b84f4acb1e7cf1c1e4367e05d1d50e5adc0053 675012 libunbound-dev_1.17.1-2+deb12u3_mips64el.deb
 b7a80e786bcba565164625c399283e0ff9a92ebb 1318320 libunbound8-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 aeaa9d7460fd6fa0d17e2092b50ca98b40a0209f 503100 libunbound8_1.17.1-2+deb12u3_mips64el.deb
 f74d7a3d983f7dbdd1fdf27313ea847a2a528314 172968 python3-unbound-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 7580d73d4a38a9e15c98edcbbb93ed429b3e2cfa 196496 python3-unbound_1.17.1-2+deb12u3_mips64el.deb
 57279ceeeafac6a268c9285b2253b684fd5bdd71 62880 unbound-anchor-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 4cf487054f85667186ef341bcfabd6a4c8dc30f7 178884 unbound-anchor_1.17.1-2+deb12u3_mips64el.deb
 f78f9993b8e0f7b26d3c23a77493118828fc4463 4688136 unbound-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 d6178ddee3f4bcf46388bcd6a9cd2df1b6ebabd2 138628 unbound-host-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 f77b8060d4dbd32fdf3df0ccfe35cdc5eae969d2 201920 unbound-host_1.17.1-2+deb12u3_mips64el.deb
 556476603830022c329520748c1f6b0425b67368 10786 unbound_1.17.1-2+deb12u3_mips64el-buildd.buildinfo
 2a8a31ae35fc0b4d48c177d7ca592978254766f9 902888 unbound_1.17.1-2+deb12u3_mips64el.deb
Checksums-Sha256:
 166f9c313a2f26a67dc759a6e21c3393c6246c11d98d0ff80333dcd7eeb346da 675012 libunbound-dev_1.17.1-2+deb12u3_mips64el.deb
 5728bbb13a2113e3abac58c703bd5663073973972a4c735395bd63bd4979c973 1318320 libunbound8-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 d9a1b6dfe1f68d918495c33d9f5b865c982462c7809813a10d0914d05c0e7d7e 503100 libunbound8_1.17.1-2+deb12u3_mips64el.deb
 1f16e7e846eb619a4232348eaacb0cb55ea2aa83584ee0a71200860af2a4b9c5 172968 python3-unbound-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 870f83e4ca9f0a0862ac77218dfcee4de8c008d7763bc5bf214aee0d9a91ebe0 196496 python3-unbound_1.17.1-2+deb12u3_mips64el.deb
 3ed2875717f69cc4bafca09826de6aa09709261c7b996d4a1471f16ca6014aa1 62880 unbound-anchor-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 c6dc03cf0acf7e8e5d66cc665c18fc5474271fa440bac5257008ec0965b37b33 178884 unbound-anchor_1.17.1-2+deb12u3_mips64el.deb
 f7918f069c7725d40086326d1fd9ae0ea276c63d3162f2fc9c829a2b4f3db568 4688136 unbound-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 ba95ce2eaf308f8ace29c6f05b1a60257f67abcbe711232545746066b95c8753 138628 unbound-host-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 3123ddd152dafad408d290574b807e63ea4ab96f9ca198ed2d0b6cc0d08d4fb2 201920 unbound-host_1.17.1-2+deb12u3_mips64el.deb
 119090f972c6b612b27d3ae5a88a7485e5cf6783002e988dbfdff286a6e4ed2c 10786 unbound_1.17.1-2+deb12u3_mips64el-buildd.buildinfo
 874bace524e6f7c914e1108ff2ca3b5e90c6b3aa93e966eed4fa0521a68cc1fe 902888 unbound_1.17.1-2+deb12u3_mips64el.deb
Files:
 be6d57c903ea3bd3fb7f458f0bef9dff 675012 libdevel optional libunbound-dev_1.17.1-2+deb12u3_mips64el.deb
 99991d2df6578e52b7021e1954364231 1318320 debug optional libunbound8-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 5311319dcbe10fe06d483c8f9e63c3cb 503100 libs optional libunbound8_1.17.1-2+deb12u3_mips64el.deb
 660bbda2724d3ef10c52b794c54dd275 172968 debug optional python3-unbound-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 2831e52243b334f2e6be8b9a226ce4fa 196496 python optional python3-unbound_1.17.1-2+deb12u3_mips64el.deb
 affd050f94301426144186c31e3496dd 62880 debug optional unbound-anchor-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 702bed6fd67a31d7b992e18128336e8b 178884 net optional unbound-anchor_1.17.1-2+deb12u3_mips64el.deb
 e104b5121416f7c8ff8e9c91b111f043 4688136 debug optional unbound-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 3199987283c49ce62a832ad1b70686bb 138628 debug optional unbound-host-dbgsym_1.17.1-2+deb12u3_mips64el.deb
 3300243c7ce85fab6ff99b6cbceec115 201920 net optional unbound-host_1.17.1-2+deb12u3_mips64el.deb
 835159af1a154e047921bd4028759537 10786 net optional unbound_1.17.1-2+deb12u3_mips64el-buildd.buildinfo
 e4f0bad5c8e54e22e053cdda60204552 902888 net optional unbound_1.17.1-2+deb12u3_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYLhEzFkGpb3yYRVHmlVdU6AM9BUFAmis5MUACgkQmlVdU6AM
9BX/oQ//V5n69odPUUDjljny5Bs5fwIVwb2TBrt7E4w0k6nz+1e2A5i8CIQSQm6M
if0xI7QiIcw7Kh5PHlzOPmv/7aoBAhi6EWuGLpoCcRrIr/ePRBJuVI4hOZ3IXGVS
CaX5ChlCvcpJrgeFd9YqmhoSLMqCBMCq8CBm4KVkvpNYUT1aeaVoeaXBxQ5yfcVH
KfJwEGwsGdxHABxKS7amXNOGyhjHu9I/qXsC1nfZfpsvlRJCqu72hLiZd+d3k8j2
alq9uI6/S7Eq/hnOJz8wWTq/6he2YXhxPLbgJhsuyuCw/07OQLOgvk1prJeyMQJW
kZ2oFLC0oWKZfRch+OpEtOztXfPsI0mvzkmDgHh1u/l+R4OdiQR4MZ/Bb2WwL9v5
0jg+1HuLZUll17zZ7aehl1Zg3TyvXdkcMVft5ioFRXdSVkNxRIoK63Q6k13zRBW8
Y5xmGLNvSDwD7K9mmEUzGkr4wrHF19iGodGRpMY0kVAv5BpmQ8R7z6qUAwVEDX3z
loWtxJpwcx5MzYN5+M5e8W9jYPNbnMkpMbvA9I16Bd6CMzCQOZGFMw3exI261GUt
WDWB4Q7iS5bz4Rqr7FAmz8TyHOfhLfVpL1HZgBNEU3Vrkf6gWQFmrQRg/ALIRuIY
5ecLByK0d0NwLHZIR+CzVRPXTxnAxEQx5m3hzFE5L+9kPnB1FG8=
=8RiD
-----END PGP SIGNATURE-----