-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 25 May 2026 12:05:38 +0300 Source: unbound Architecture: source Version: 1.22.0-2+deb13u3 Distribution: trixie-security Urgency: medium Maintainer: unbound packagers <[email protected]> Changed-By: Michael Tokarev <[email protected]> Closes: 1137187 Changes: unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium . * May-2026 security updates in debian/patches/26-05/ subdir: 01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch this change was part of 1.25 release, it is a slight change in behaviour implemented after 1.22.0 release. This change is not necessary for the security update, but it makes subsequent changes in this area to apply. 02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch 03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch 04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch 05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch 06-CVE-2026-40622-Ghost-domain-name-variant.patch (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22) 07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch 08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch 09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch 10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch 11-CVE-2026-44390-Unbounded-name-compression.patch 12-CVE-2026-44608-UAF-in-RPZ-code.patch 13-Unit-test-for-CVE-2026-33278.patch 14-Unit-test-for-CVE-2026-42944.patch 15-Unit-test-for-CVE-2026-42959.patch 16-Unit-test-for-CVE-2026-40622.patch 17-Unit-test-for-CVE-2026-42960.patch (Closes: #1137187) Checksums-Sha1: 3b99900bf7ee4bb79d00ee0cad864e79d4fbe484 3299 unbound_1.22.0-2+deb13u3.dsc 0dcb1b90126eb244aca1ce01c60da8aa62e0f314 6682466 unbound_1.22.0.orig.tar.gz d8f1d3eb62b83aa4d2a05963f443bb60bf0c3f3a 833 unbound_1.22.0.orig.tar.gz.asc 47d6c2ca6a3186374dc727eda0cce259c58214c1 61136 unbound_1.22.0-2+deb13u3.debian.tar.xz 5b6e477f01fc719b88f637325a2eab16fff371b3 7003 unbound_1.22.0-2+deb13u3_source.buildinfo Checksums-Sha256: ade536ed9c112076e61c6e367528f77749cbf3156b29f8a57a0ac96a81c6c5cb 3299 unbound_1.22.0-2+deb13u3.dsc c5dd1bdef5d5685b2cedb749158dd152c52d44f65529a34ac15cd88d4b1b3d43 6682466 unbound_1.22.0.orig.tar.gz 1b5d91ad040b1f1c0351b8f6fe288b4123fc63b887152463512be69bc687f915 833 unbound_1.22.0.orig.tar.gz.asc 5a77787dcb3fc60fad846d846bd4534a9114dd6cf44de305bcd7e3d174ab90fb 61136 unbound_1.22.0-2+deb13u3.debian.tar.xz 699fe3215c559231392dd2615b863de2ce5830bec52ef4486a587706d8c136e4 7003 unbound_1.22.0-2+deb13u3_source.buildinfo Files: 410bfc2b4adf6e27a199f4ece0dc8548 3299 net optional unbound_1.22.0-2+deb13u3.dsc be0e5ae64c6619a638c116addd4da670 6682466 net optional unbound_1.22.0.orig.tar.gz 4e435494ea5757d1ea1f89aca2bb0be0 833 net optional unbound_1.22.0.orig.tar.gz.asc c69eb6f8fea185706f80dac7c35cf1e8 61136 net optional unbound_1.22.0-2+deb13u3.debian.tar.xz 8f55ded6f39079b7dca368dbf8b463af 7003 net optional unbound_1.22.0-2+deb13u3_source.buildinfo
-----BEGIN PGP SIGNATURE----- wsG7BAEBCgBvBYJqFZBICRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmeLV41BIgWekLpwZ2J91mNzddHWfk8ZI/1hqC5NefsX jBYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AAAXiBAAwYazlJLxcIaCJQW9aVL6HpVe ESiun2g/Swg92cSI34eQbNivH4fnFkG8bCDRKm8DdNqFKvvqLjoadyNhrV4iMRZF hurUO71WH18wKaOtMdEFm7aVlmoMtOHCWtfxeUpI3UWtIMu2ae6QDeVqf3CKwCdZ 55E582a5MlQefvM2CWLyFdJRFmPncvPuZ8m9HElSGdNNhq+2ziR7eyE9l3ESEH/l j8sZSB+l47e+HNNIxuCiY34DBPXXYqZgZuE1GmYJ1JTXT+JZ+1jKhppfk+oBjf5P Bdl8basVHemCHJ2nLU32MzU57MyAq7n5+Zyzc3WCJeW4JH9iyDAHxR7yqf/Y0gmE hUk01WLNfdh7n9UrIQn73MnLjDgvhNMgdoI6Eh8lY5NXd9e9qf5EdWA76L29o8YH +VP1mYQ8vo8dbzudalqBQ0rbC9p0xI9M0Holp2F41m0eCZej5m71A4eHSzL9pdup EnVkE8FJlxUE7WVSVmxr0+ZLLibcPhrobZlD3/ZP7t7XmSjIDbFGyIgsbhJHcCar cvqmagrDm0QIqk2l4+6X/m08k3MpNHbe2XqrME8yhEhL/cqmhCxsGenOjccCNeHk avFPm4HsYGLi3jP/5sV1d4LtPMkOjVoBWqsAppEWLzpkfJGhe5WzGU5h6Jy+/8eb LVFjz/SiXXNCVK/SYIA= =KO5W -----END PGP SIGNATURE-----
pgpbbDKqL61po.pgp
Description: PGP signature
