-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Aug 2025 18:37:35 +0200
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: ppc64el
Version: 1.17.1-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-01) <buildd_ppc64el-ppc64el-conova-01@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1078647 1083282 1109427
Changes:
 unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets. (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets.  Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information.  This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.
Checksums-Sha1:
 4aaf1c2e2ed33b24c1e7cdac2db4270abafa5a2e 686104 libunbound-dev_1.17.1-2+deb12u3_ppc64el.deb
 953e0639fc004bd72a31be853360bfe65e7bb717 1279424 libunbound8-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 58b61c0ab2e6445279ccfed7e4593f851bc541c9 576972 libunbound8_1.17.1-2+deb12u3_ppc64el.deb
 c1ede685f42887804a0cef5b6df547c446235c3f 176416 python3-unbound-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 612d36103294c44d68db75bd6d4fe6532e89150d 204568 python3-unbound_1.17.1-2+deb12u3_ppc64el.deb
 1569eb2b8efaf70d8f6a7d520b2156095b0d5a8e 60944 unbound-anchor-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 2e3c10ddacf2818261570c7ee3b96d4ef9a55b28 181016 unbound-anchor_1.17.1-2+deb12u3_ppc64el.deb
 56c82dc0bf4b651577f563fbd97769cc304794a2 4597348 unbound-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 032c1f3aaca4e8f6057fc432bfd6d4822cf76044 133828 unbound-host-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 10cb14bea3ddadb49e17677d976f6996e52b5676 207432 unbound-host_1.17.1-2+deb12u3_ppc64el.deb
 f361801606b4af6a908b6e2d0713ceb60460603b 10951 unbound_1.17.1-2+deb12u3_ppc64el-buildd.buildinfo
 f85c07271de0ba9137707e5cae78dedbf86b3e29 963488 unbound_1.17.1-2+deb12u3_ppc64el.deb
Checksums-Sha256:
 bf1eb86f1a9ab6354b7e8a28c4798caba2e62fc48c28550ff640d6ea7f2a030b 686104 libunbound-dev_1.17.1-2+deb12u3_ppc64el.deb
 7d8bf58481dc1ac286d9bd0c70397c1db4dcb70492aa4f2e85a5bf9abd0bbc57 1279424 libunbound8-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 8c9f304cbe8c5b37b2d8150c23772a002d9761ff5430dad31a422c1448c75e47 576972 libunbound8_1.17.1-2+deb12u3_ppc64el.deb
 dc6326c7b0a57c9bb7dd04cc8d1143b613f99aadb39c5e0e97d23ea708c1ed28 176416 python3-unbound-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 b34b8591d63ff179accdf68b352c307454634ca91e8913397056fe500474cd2b 204568 python3-unbound_1.17.1-2+deb12u3_ppc64el.deb
 253ebe419d9527b5cbfd1dee5efd33313295870a71262815b7087e3fde510d95 60944 unbound-anchor-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 cca90d8034458909e00f35b1c84bdfd87179f59554b04b6ab08294849a43bfd9 181016 unbound-anchor_1.17.1-2+deb12u3_ppc64el.deb
 e2dbccdd18f8da2f4403c8a5ebd8f946f3c198f768a3f24af11a6c93a60de220 4597348 unbound-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 e39867e60b297e11ef1121108831568331fbb6c33fc26344a71b7373734039e7 133828 unbound-host-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 3b50c02b45bd4d3ffc98570b42b168dcbb999b38fb87fc22ba7ff1c879d387d5 207432 unbound-host_1.17.1-2+deb12u3_ppc64el.deb
 d570a921bdd3a479fae28cf034e2271435a379884b53f010aabd83a0d89bcf21 10951 unbound_1.17.1-2+deb12u3_ppc64el-buildd.buildinfo
 482832c38bf31dbda305e1d451744cc0562c5503e013053e71f900343111b4bf 963488 unbound_1.17.1-2+deb12u3_ppc64el.deb
Files:
 1688ae88eb2868261693f5567b382870 686104 libdevel optional libunbound-dev_1.17.1-2+deb12u3_ppc64el.deb
 0c6ca5fd25b7bb7843cbe32c100496a3 1279424 debug optional libunbound8-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 92b26900d1f89f7aad99d503a320e784 576972 libs optional libunbound8_1.17.1-2+deb12u3_ppc64el.deb
 69c2ac1d6bfcd28534ec69217ae6b96b 176416 debug optional python3-unbound-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 d380577e6fb9fb5145e20c38e3caf8ab 204568 python optional python3-unbound_1.17.1-2+deb12u3_ppc64el.deb
 3ebfe107f41b32cb7a3e3e92b9591704 60944 debug optional unbound-anchor-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 a697d812447b239968cb8fdd36bc9eec 181016 net optional unbound-anchor_1.17.1-2+deb12u3_ppc64el.deb
 021e330d798e6add90db32b6f874b678 4597348 debug optional unbound-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 37ca54bad1a9b7a053e327d4c2bb31be 133828 debug optional unbound-host-dbgsym_1.17.1-2+deb12u3_ppc64el.deb
 677f3f4826d34be67a7236122af87f7b 207432 net optional unbound-host_1.17.1-2+deb12u3_ppc64el.deb
 0e68d04923bffaf0b761eeda5d805c19 10951 net optional unbound_1.17.1-2+deb12u3_ppc64el-buildd.buildinfo
 0e5ef5d65fcb5682aa31a4492b958012 963488 net optional unbound_1.17.1-2+deb12u3_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvNkWZvjZkiWgJGRETMSrGPLkYxUFAmis3+UACgkQTMSrGPLk
YxUgiw//Y1As/CsI+uCJze7BU1zbVjZqC8dOdAL5CaIy4shD6YSehMOpiR4B/7YJ
pMQhdJ9728EWPZC6oSkYQqIIfuGGWV2rtLqyKS2jha3TOOWaHVtxz2l4h/QCwoJx
S8vBjIhxZN7M2PqLe6VfTw8fdRiEwClN7a6NxPwWuO3yrMbpecnUtFGABkhqZAKZ
x0/XNlw85u/oKmzgk0cy/9SOri4bpLBgym1O3WxqV/gk27bTYtVkwfuDjj9nzGld
K4x5iaSukYCoL3+M0PysjPnZ1zZYYYMJ7TytCnBC9rD8G0OOZ7p1uLHTAIZDSM0G
oEYiyAGSeufODeOBdS0h8NuhdMiOazcpgsHvrmIDBHTC4R8gNn4HdjItmk72ekNQ
+TwlMlLfzXnvFek/qlOi+phu5O136PSJPFziPL7Ax8FuMq59s/FlN5WqifYFaMoF
T2aT0IWt6FOE7WfHfxitW/C1egopIaYVy5MDxU9hgbRizXy4CdnQNvrXURKd8rfb
G0JeyDBa7GA5VMjMtypSgehnFG3OT+p7XNvXWKiYcKoCvtl5RjxIsvko9KEu70pE
HLT9XD7Vy/ZmMXJHwkoM5aHk1t+IYPjs/d42ZRBXGzkBD/bUi0d4q0toS2EVoPXN
YY7N4xgU83ViCwvW8QNKe8Vib3NgTwt9RV/p+FB7vaCSrLEsXiA=
=stwM
-----END PGP SIGNATURE-----