-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 12:05:38 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: i386
Version: 1.22.0-2+deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1137187
Changes:
 unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium
 .
   * May-2026 security updates in debian/patches/26-05/ subdir:
     01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch
       this change was part of 1.25 release, it is a slight change in behaviour
       implemented after 1.22.0 release.  This change is not necessary for the
       security update, but it makes subsequent changes in this area to apply.
     02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch
     03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch
     04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch
     05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch
     06-CVE-2026-40622-Ghost-domain-name-variant.patch
        (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22)
     07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch
     08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch
     09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch
     10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch
     11-CVE-2026-44390-Unbounded-name-compression.patch
     12-CVE-2026-44608-UAF-in-RPZ-code.patch
     13-Unit-test-for-CVE-2026-33278.patch
     14-Unit-test-for-CVE-2026-42944.patch
     15-Unit-test-for-CVE-2026-42959.patch
     16-Unit-test-for-CVE-2026-40622.patch
     17-Unit-test-for-CVE-2026-42960.patch
     (Closes: #1137187)
Checksums-Sha1:
 4ae0f33fc0f736dfab2eeb739847269195ab9df2 740548 libunbound-dev_1.22.0-2+deb13u3_i386.deb
 f8b1d4cf59656f552e6af6ba2781bc71c22e19a8 1168712 libunbound8-dbgsym_1.22.0-2+deb13u3_i386.deb
 de36c2684ddbeaaa1dc283a058c45ee135f37c15 634332 libunbound8_1.22.0-2+deb13u3_i386.deb
 c1fe6883cfb4a7f169ae23495e64624b082953fd 155568 python3-unbound-dbgsym_1.22.0-2+deb13u3_i386.deb
 f1393a88c20cb6c7f65cdbf91178547c0d0dc921 222232 python3-unbound_1.22.0-2+deb13u3_i386.deb
 30b332b4813d79cda34db47668099644a40975dc 56908 unbound-anchor-dbgsym_1.22.0-2+deb13u3_i386.deb
 0b2093b53991a29050341285fd312eb7a2bc83d7 198392 unbound-anchor_1.22.0-2+deb13u3_i386.deb
 49bf73be11cfb2aa695031e4861231ba83fb9c39 4827692 unbound-dbgsym_1.22.0-2+deb13u3_i386.deb
 747aab32ee4ad5b6e7bd69101f419139890850e5 113756 unbound-host-dbgsym_1.22.0-2+deb13u3_i386.deb
 a05e4c7ca6bfa9c36a31629c5dbe4b639ccf4a56 221740 unbound-host_1.22.0-2+deb13u3_i386.deb
 2a1b84eadce7da801ec970a83631baece570ca90 10267 unbound_1.22.0-2+deb13u3_i386-buildd.buildinfo
 b0c8be4ae3171f3473cc8b0e925601d8606c4a7c 1076048 unbound_1.22.0-2+deb13u3_i386.deb
Checksums-Sha256:
 ca19d433f0fe38495e2b77fcb9f5fd66827dd95e62af3c4a4e05e0cb88589c15 740548 libunbound-dev_1.22.0-2+deb13u3_i386.deb
 1dc3ed824dea70367ec83ecc43540d17120be36854633321192703269c05d202 1168712 libunbound8-dbgsym_1.22.0-2+deb13u3_i386.deb
 a52d322557ac35ba0ed763650bc963e3382170660ba88f9850aced26b92c2982 634332 libunbound8_1.22.0-2+deb13u3_i386.deb
 f672427913a3843231fc5ba5a3a03398ed3f07358a8376a32abbb1c385a433a7 155568 python3-unbound-dbgsym_1.22.0-2+deb13u3_i386.deb
 6bb43c1ef304967b07213c48dd62c72b47d1ea0ba496286b3214995509e34451 222232 python3-unbound_1.22.0-2+deb13u3_i386.deb
 be0904735360f3a85633d81648cf7c1e72ad8bc5a07de8bce5c12fb2dc3d250c 56908 unbound-anchor-dbgsym_1.22.0-2+deb13u3_i386.deb
 7eb1f6b364fa2e9ba119c648a6437d44b839c337df045de1aa0708907d494873 198392 unbound-anchor_1.22.0-2+deb13u3_i386.deb
 60708af3dfd99a48d238494dcc9c9f8a5e46c3e3d09b8d164822e3cf0de80f4c 4827692 unbound-dbgsym_1.22.0-2+deb13u3_i386.deb
 3b73264e1a009ceeb3266f052713bca843e7732988804e43de56cb1ed4d4bb0d 113756 unbound-host-dbgsym_1.22.0-2+deb13u3_i386.deb
 960fb2f61b26b556e521c09fcc0b85ce84ac2fb202a4fa53d4eb1a15dc8da889 221740 unbound-host_1.22.0-2+deb13u3_i386.deb
 7aa86045fa2f3167e732176e3ab5e48cb639fc6503258bcb5de4efffabc31c80 10267 unbound_1.22.0-2+deb13u3_i386-buildd.buildinfo
 dfc66bfa06c3ad87b70f968bab943cf24fe71dca7c5c4821640bc14db4a02b6a 1076048 unbound_1.22.0-2+deb13u3_i386.deb
Files:
 973a9e2bab69799cc700e032f9cb005c 740548 libdevel optional libunbound-dev_1.22.0-2+deb13u3_i386.deb
 759f1b49bb21c4e516fc5f043ac7eb9b 1168712 debug optional libunbound8-dbgsym_1.22.0-2+deb13u3_i386.deb
 fa98f22c35cacb16765952099598c40c 634332 libs optional libunbound8_1.22.0-2+deb13u3_i386.deb
 ec8aae1427edcf165f0ffa8b3384d994 155568 debug optional python3-unbound-dbgsym_1.22.0-2+deb13u3_i386.deb
 0faef4e53081ecb27b0049bda20e122e 222232 python optional python3-unbound_1.22.0-2+deb13u3_i386.deb
 b47e9f53ba2f049e1b579c11c2f12597 56908 debug optional unbound-anchor-dbgsym_1.22.0-2+deb13u3_i386.deb
 a65a46ccb2cd4c7ffe99430dcbb6d5da 198392 net optional unbound-anchor_1.22.0-2+deb13u3_i386.deb
 bbe584fefcd7275d1a9412aa770def61 4827692 debug optional unbound-dbgsym_1.22.0-2+deb13u3_i386.deb
 69b23470722f53894c610aabbc02b1d4 113756 debug optional unbound-host-dbgsym_1.22.0-2+deb13u3_i386.deb
 602a8eeb2e2637ef3fc84316f83b08a8 221740 net optional unbound-host_1.22.0-2+deb13u3_i386.deb
 96003df81dc2742bcce87d6b975ed652 10267 net optional unbound_1.22.0-2+deb13u3_i386-buildd.buildinfo
 f745c5536ae81c7b57318bdcf1cd18d3 1076048 net optional unbound_1.22.0-2+deb13u3_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmtr4KUMaso2EQ6NrTwt/65ON6zcFAmoVlxYACgkQTwt/65ON
6zdNAg//b3wePYWLGiGbS7+jEaL+51TOwd1U0eOd4613Wsl79D/Mz+RyX4AMs8Mr
fIC7kOElM1uq1jKF6//iB/ihDiFrPMqjkvL1omX6Szojjprh0EMWlsVyd76zTbcU
SSln8mCWhsmUtxNQum9OuWqbu4YWN/aXGS8QhCvn8qBJLg9GBI2hB/iF9fZEUwJG
pnn17xxXt11AG2dOHXIVD3ziBEAcqPFy/7Bfd9RfZWtSDjiS1+P9pgNX3cYHbH9m
rYuvhzykooGOLjoAVTjhKgPKtfwC1QqHYir9JbWZ67a0ZWBcgpaqfkofUpmKDvHg
ld4J1+J1F1bhEH5m2w6lzN/Y2/BspHa+b4UQkJIg3H24rfK23DVwwnZF+F1/QlM2
qaUeihYqM1yihQcop2MopJCyDa9wtwNRwyUZclaWjY8W/a8D6xjGu63Mz0jVkRCJ
ib6d8Rgi5y6ST5CwUNUjhOrhcC75zd7V8hRtJVOaeF1a6JQOZw2noWON7FJVqq+l
GkhVxWWqhTZOnD+IZaP1B+S1is8l/XXi0keD6rIX3yI97D80bj9NmwHW/JvazV6M
SfMxHabIaBuDnpcx9WO3kYvi1uLF+/vz9mR9RegmXFUfZpLfv0rW0uHWkjB2nvGZ
jZjJIFObTT06HGAPY5EYM8OO9SoCj9KHc276fD0WeJTsKpyqtpw=
=pFc8
-----END PGP SIGNATURE-----