-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Aug 2025 18:37:35 +0200
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: mipsel
Version: 1.17.1-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-05) <buildd_mips64el-mipsel-osuosl-05@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1078647 1083282 1109427
Changes:
 unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets. (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets.  Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information.  This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.
Checksums-Sha1:
 b43962c987a7c68bc5127beb4b71f282eb969ae4 671588 libunbound-dev_1.17.1-2+deb12u3_mipsel.deb
 579182da68a67092ad3af7969cfe6484d1ec4396 1291280 libunbound8-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 e67cfb6ef54930e47d4f52b6efeecd8d403956b3 507364 libunbound8_1.17.1-2+deb12u3_mipsel.deb
 8aae703ef01eb58c3221c0aabb321b15ff736388 190488 python3-unbound-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 f11e786db4003f30232389ad9dc871ac37bd2186 196624 python3-unbound_1.17.1-2+deb12u3_mipsel.deb
 4f8736f093e2e1c11764aca0ee750338a75e2ac2 62756 unbound-anchor-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 655ca740f762ab1baa7d6d3074b37e6f5735eac6 181124 unbound-anchor_1.17.1-2+deb12u3_mipsel.deb
 628a1c2bd236fee63417378eaa7ce0174f8cb62a 4740032 unbound-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 eb7af916b7d2179dedee8eaebf8e1761b54e5b95 139252 unbound-host-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 2f250cb0e896c080157deaae12ebdc6e4498b2fb 203980 unbound-host_1.17.1-2+deb12u3_mipsel.deb
 9de39f7044e76b2d6c53e0b6f78345b864753bfa 10709 unbound_1.17.1-2+deb12u3_mipsel-buildd.buildinfo
 664fa9ee5c79d382420d5dc9739b3aa8cf116945 905300 unbound_1.17.1-2+deb12u3_mipsel.deb
Checksums-Sha256:
 f58495bdc2e1f43f364edb29ad95ac8cf71b7f1ddedaae34306fda45b916eac8 671588 libunbound-dev_1.17.1-2+deb12u3_mipsel.deb
 aed0f1350c7ce4225e49aab64544bb5367f3bcf43070d60e3f734472d0c90c89 1291280 libunbound8-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 8dedd89a718403a84ff8fdc9406c8a8377d9a9b3dedaf15aa8c2bb4dbea4a9b5 507364 libunbound8_1.17.1-2+deb12u3_mipsel.deb
 6067dc5ab72a185b44448ca62fd2ef941d1e95aa09bba4b879c3431c6c6b7f5c 190488 python3-unbound-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 54074027425bb42a7845fab8ccef4b3a1bf13a2461a77b00d15ead1a9aa5a544 196624 python3-unbound_1.17.1-2+deb12u3_mipsel.deb
 bb208596d41caa6670710171744345ce15113577196bc87237a95460ba9e0c2f 62756 unbound-anchor-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 f7d76d0b22af12fa856b728a0c98943c934eebee439bb2d21f4f5a2d4371c6b7 181124 unbound-anchor_1.17.1-2+deb12u3_mipsel.deb
 0290317f5a9f12baf32269648e1ba8e7153e19c2ebe7aa17f7c44d3cb3165c4f 4740032 unbound-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 3e474ad76420c1c4b69d58c0d4fdafa6da10ec7f1af3ddfc7592b9ce843fd065 139252 unbound-host-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 2df2fedf3e50878f4300c81cfb678a6a1742f16128dd28f66f317ccddff20e0b 203980 unbound-host_1.17.1-2+deb12u3_mipsel.deb
 cb9564c9896f9a9e54b4ef40aefc394c8abd1c97b2171e9aea7b6c4b91d5c681 10709 unbound_1.17.1-2+deb12u3_mipsel-buildd.buildinfo
 29ec7467cebdc6cadb6beda5457a3ab0c3232273d8908ac4ed048a260bf27b2f 905300 unbound_1.17.1-2+deb12u3_mipsel.deb
Files:
 ce7ea9b459efbdbb7da1a2ca6037105e 671588 libdevel optional libunbound-dev_1.17.1-2+deb12u3_mipsel.deb
 da4009cfb206b72e2549d821134dbe1f 1291280 debug optional libunbound8-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 5242eaacd0669a7c27fe7ba3a4d9a514 507364 libs optional libunbound8_1.17.1-2+deb12u3_mipsel.deb
 e5fc12107276ecc87040842d2dabcd47 190488 debug optional python3-unbound-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 79cfdd8e1679c962870f7c5ac0aef3b5 196624 python optional python3-unbound_1.17.1-2+deb12u3_mipsel.deb
 61f8a34b15deb8dc3beda9072a68e6a3 62756 debug optional unbound-anchor-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 a864bea630ba1123c4e60a34af3b5ce3 181124 net optional unbound-anchor_1.17.1-2+deb12u3_mipsel.deb
 eef297c34f5d65aa975199ec8205b191 4740032 debug optional unbound-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 84318329a87b922485ca3c5d914d6134 139252 debug optional unbound-host-dbgsym_1.17.1-2+deb12u3_mipsel.deb
 981bab7c46b589d1d54bb8851b4227b4 203980 net optional unbound-host_1.17.1-2+deb12u3_mipsel.deb
 56ac6267e67bfde160f4817393c958c3 10709 net optional unbound_1.17.1-2+deb12u3_mipsel-buildd.buildinfo
 11183dd84a605f0a7a23baf97792e0f3 905300 net optional unbound_1.17.1-2+deb12u3_mipsel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYLhEzFkGpb3yYRVHmlVdU6AM9BUFAmis4hMACgkQmlVdU6AM
9BWY6g//ejSLX7WlEsC5wWzrDh5Hrg6XHSa/nHMuG2tlMifk0QRlMITnIFIYmOlN
FtLKaBA7oqR6ESQQrCgBJrDACenMkW8NsRMAnDVWF7VGOduwol4D0KTHgwQoA9m4
YXOkXpm5/ETZVBNMpDGxhxEQsTZxV4E9JNyLXQ4GARarGjo2Ub31QzMrh3okPwWE
kffNrd7V7S9vrt7+9Xs7/Ti71Uz0RqseorUU8OI/S05zyYkoRzT8syfJw0rPQYpF
2AHaTKBUpe37avi4Vdog3roVHjLUH5hEhTKv1iJD8S+NQElLpRVlOe20al6LsM3p
dcXbmJz4QG0b5xFV/mNG5mu6D5qeGiHyGdEmB20i2BKx124NqRtJnj50KJdcAni6
LEG6clAJfF3fB/gxHhhbGczHJYU94yxeGc+3ADrHOEKkK32vQXzAYm9oFoQeH+ld
pcmOCfUI9ai94BrYnteihfHHJwMa+/3N634KdcOnYngAt9qssV/9yY5b1s1yJIVV
D+hYLlSkQNQ6Pet/3T0UPR9QSbfQeuMFxluka0R/gWD3utmiOZAIBC7cDZnvZB6D
mzmJsuWX1WAcOW9ojFvGNND5mfkDzpqcXvoT6Wi+v3KRGigNoU9j1MmEANH4IBTH
sNOzZMCyPX3Ho9kD4iOrESXQ1c7d1AFNwWha2EKeRaSYqZpUnzQ=
=p+Il
-----END PGP SIGNATURE-----