CVSROOT: /cvs Module name: src Changes by: [email protected] 2025/11/27 07:50:38
Modified files:
usr.sbin/unbound/iterator: iter_scrub.c
Log message:
Fix incomplete mitigation of CVE-2025-11411 by applying the non-test part of
https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff
This extends the previous fix by also scrubbing unsolicited NS RRSets (and
their respective address records) for YXDOMAIN and nodata non-referral answers.
