-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Aug 2025 18:37:35 +0200
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: s390x
Version: 1.17.1-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: s390x Build Daemon (zandonai) <buildd_s390x-zandonai@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1078647 1083282 1109427
Changes:
 unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets. (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets.  Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information.  This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.
Checksums-Sha1:
 fdf0d8b0eae95f24a23fa3e82b13ad6a934d1871 594304 libunbound-dev_1.17.1-2+deb12u3_s390x.deb
 dffe0a8c3b7b2f175c7c4622b67203c2b17f3bfd 1227352 libunbound8-dbgsym_1.17.1-2+deb12u3_s390x.deb
 14c105f585d23d7da4acc0afe87ea49091ae0db1 503544 libunbound8_1.17.1-2+deb12u3_s390x.deb
 ba1ddea42dfb1785400cc155fef2b54ec3e6c5e5 164888 python3-unbound-dbgsym_1.17.1-2+deb12u3_s390x.deb
 17558a9142d816855549e8b56bda62f09bf3aaba 200176 python3-unbound_1.17.1-2+deb12u3_s390x.deb
 29028c100de757d87ab0cda3269941f7b18074a5 58772 unbound-anchor-dbgsym_1.17.1-2+deb12u3_s390x.deb
 2e3f89ab47ad32d303ae6d3889f1880decdadb95 178608 unbound-anchor_1.17.1-2+deb12u3_s390x.deb
 f4ca01f7b95214062bb3cb0814d96b676a2aad12 4394672 unbound-dbgsym_1.17.1-2+deb12u3_s390x.deb
 739978cc55f104004ae3b07ffc7d0dc35b0e0c90 129604 unbound-host-dbgsym_1.17.1-2+deb12u3_s390x.deb
 c204c80a7bda9e412fc55db8fe1d7b316fc930b6 197496 unbound-host_1.17.1-2+deb12u3_s390x.deb
 cfda0fa8ecaa47cd94de6a0f713bdca8a4126b30 10772 unbound_1.17.1-2+deb12u3_s390x-buildd.buildinfo
 00ce59b54efbbd16f7ea29d862ed072ec1b046a6 872648 unbound_1.17.1-2+deb12u3_s390x.deb
Checksums-Sha256:
 013d19233d27a0f62210f2917b9c86476877ce85fa4859af675e10670cbf6f93 594304 libunbound-dev_1.17.1-2+deb12u3_s390x.deb
 49afe636815a9e01c468e8b5f0ba6c8a53d101cb71444e8f621f6bc39b3be397 1227352 libunbound8-dbgsym_1.17.1-2+deb12u3_s390x.deb
 726d3c05dd71ff3475aa1150003d0e120c2509564981bf74fc326ad02224c158 503544 libunbound8_1.17.1-2+deb12u3_s390x.deb
 f9b933c5403bb4ed3bd56f6268f17fb37329ef8089fca0dc537d436fa4b61390 164888 python3-unbound-dbgsym_1.17.1-2+deb12u3_s390x.deb
 ff668cbf6f64a0000d12b444dcf989dc6a718da265b9eb4f0fd0dcf8b10ec22a 200176 python3-unbound_1.17.1-2+deb12u3_s390x.deb
 171624a962801763f3ad96a5154cc6a696c03be1f745c587436588078d0b5688 58772 unbound-anchor-dbgsym_1.17.1-2+deb12u3_s390x.deb
 f8ea458a4db3c75a67738db17abbea68ad09a07689e9ab1b6b1fcbabc1b18008 178608 unbound-anchor_1.17.1-2+deb12u3_s390x.deb
 e1cfd70c7e07cdda654686e322c6e218e47b432a7b00ec5f7f91dbc63c01d80e 4394672 unbound-dbgsym_1.17.1-2+deb12u3_s390x.deb
 63f1c55479a496965b583b9100bf5ca3b3009008e49b812b4272041b4f70b9a3 129604 unbound-host-dbgsym_1.17.1-2+deb12u3_s390x.deb
 6e751b193d0f380f5d4e418ebcb687926ea40cf5fe7aba591b7e53670d3922b9 197496 unbound-host_1.17.1-2+deb12u3_s390x.deb
 6a12e1995d14491f54192d0a323fc1778e0b384a3fa0321608093ff4f8d5247f 10772 unbound_1.17.1-2+deb12u3_s390x-buildd.buildinfo
 7f6a7f2ea1751ecfa917bbc097f793e6667ddef492f6a1402ace46a500b6e623 872648 unbound_1.17.1-2+deb12u3_s390x.deb
Files:
 372b4968707d87a1372c089e620f9181 594304 libdevel optional libunbound-dev_1.17.1-2+deb12u3_s390x.deb
 31d8c5d1444688df5569d3c5254ee485 1227352 debug optional libunbound8-dbgsym_1.17.1-2+deb12u3_s390x.deb
 61b17f4b968b06423ada033c5b3ad2b4 503544 libs optional libunbound8_1.17.1-2+deb12u3_s390x.deb
 146796e286a9403135d19a99672de994 164888 debug optional python3-unbound-dbgsym_1.17.1-2+deb12u3_s390x.deb
 6366e1ea9be52835bdf2edd4e46c3932 200176 python optional python3-unbound_1.17.1-2+deb12u3_s390x.deb
 b0a955d0051e9489abd368365e99cb98 58772 debug optional unbound-anchor-dbgsym_1.17.1-2+deb12u3_s390x.deb
 b9a2b1cfaffbd52444ca643e9da63c18 178608 net optional unbound-anchor_1.17.1-2+deb12u3_s390x.deb
 9721989744fd9d1f5e6cca0d051cfc52 4394672 debug optional unbound-dbgsym_1.17.1-2+deb12u3_s390x.deb
 c3910aace3457bc7bf4e6e4b7435fd53 129604 debug optional unbound-host-dbgsym_1.17.1-2+deb12u3_s390x.deb
 6ed2648f2fe198ea268589b6167101f2 197496 net optional unbound-host_1.17.1-2+deb12u3_s390x.deb
 59f379b2db6f163a5f335387439c3b59 10772 net optional unbound_1.17.1-2+deb12u3_s390x-buildd.buildinfo
 b6ea5abd5ad9c7325c76840551b4ca73 872648 net optional unbound_1.17.1-2+deb12u3_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu0D/YpnnSxv8epH9AKOyQzsWVasFAmis4HsACgkQAKOyQzsW
VasjEg//VUcLDgekNPzpqj5c3j5gy0zrcKE1xEICh0MxsNLMdNPoI55GOh6e//dm
4/dW9gs8zvUTHFWBzYR3J4e1Zhnc3bYGzanItc+gGxStkEat9n+BMH4dsCm78GFt
Cwj7SzIo3KwftE9iYImLyaG3eiZIJaYaOg/5eXhH8NXxoJ+e8hFp49OfUIONYwuu
oWe7ZLVOpVyx7VDLgjQi5bz2FYJ6S1rRsoBkDriJDoZ0shOI0BbgIMz7fdYrbiaZ
Gz4UZB4QZEgzPfcqAozcco2sdy1GkckiVoNsXcVW8sCbQq0f1QIeR7sPTWH+2zSj
DECNp3c/+ZAEE1xZCXn5SCOtr+P2Ab9OEsTHofVFmPZcv2o9I9gX4Gij9NT8vVn+
8pMN3Jl6fQEPa7SfsNGSZJTw3Vm/pDV4ZGZWAr5AwpZApTSUowvIy7fRXUej/OAT
q+m+mIyns9U/aUS4ieIkSuDgu/35JsEJDdQpTm8yMCLLHNt89GpzKDmItdtEsuvZ
lciEMv6Lsj72PKDG1k6tOHzXQ8td/LUh8wJd58kVHM142kUZrC+c17W1ztU2qiRZ
kToPXLZrK825Z0hhxHNfPl6CuC7D2a4SxzfrSnfOM/1y/pMQbyM/ZwhuY1Onbq7q
45H+mrrnIorsxXr7eXrRncnDbXxzkksHgDMsELDGg2XEPAmaDNo=
=YU1l
-----END PGP SIGNATURE-----