CVSROOT: /cvs Module name: src Changes by: [email protected] 2025/11/28 00:38:36
Modified files:
sbin/unwind/libunbound/iterator: iter_scrub.c
Log message:
Sync to unbound
--------
Fix incomplete mitigation of CVE-2025-11411 by applying the non-test part of
https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff
This extends the previous fix by also scrubbing unsolicited NS RRSets (and
their respective address records) for YXDOMAIN and nodata non-referral answers.
--------
