-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 12:05:38 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: riscv64
Version: 1.22.0-2+deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-manda-04) <buildd_riscv64-rv-manda-04@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1137187
Changes:
 unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium
 .
   * May-2026 security updates in debian/patches/26-05/ subdir:
     01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch
       this change was part of 1.25 release, it is a slight change in behaviour
       implemented after 1.22.0 release.  This change is not necessary for the
       security update, but it makes subsequent changes in this area to apply.
     02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch
     03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch
     04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch
     05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch
     06-CVE-2026-40622-Ghost-domain-name-variant.patch
        (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22)
     07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch
     08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch
     09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch
     10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch
     11-CVE-2026-44390-Unbounded-name-compression.patch
     12-CVE-2026-44608-UAF-in-RPZ-code.patch
     13-Unit-test-for-CVE-2026-33278.patch
     14-Unit-test-for-CVE-2026-42944.patch
     15-Unit-test-for-CVE-2026-42959.patch
     16-Unit-test-for-CVE-2026-40622.patch
     17-Unit-test-for-CVE-2026-42960.patch
     (Closes: #1137187)
Checksums-Sha1:
 54e1197218fd68bfb3a8c03727368c4844938b4c 1410196 libunbound-dev_1.22.0-2+deb13u3_riscv64.deb
 dc651817aba17c76969e54900ce89e70823a333f 1295952 libunbound8-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 1bb1479e33e99765b04b264315450d737d71d71c 606696 libunbound8_1.22.0-2+deb13u3_riscv64.deb
 69501800da348ef0f0fae55bd152e76dd92f3043 146532 python3-unbound-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 152372f41996f7db491a88795a52a82fc27651a1 221344 python3-unbound_1.22.0-2+deb13u3_riscv64.deb
 912ba33c4fd5025dbd6e09e8d6c13beed7922f2f 56892 unbound-anchor-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 c62c8e2d511b33a2f2847078086d56d0d0a686ff 195248 unbound-anchor_1.22.0-2+deb13u3_riscv64.deb
 7dcdffbb71459f4137d85b6c6d87ea8ecd55ec9e 5143584 unbound-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 49b72401e861807e3ef8524df00eac5af5eac8a1 128396 unbound-host-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 b3fc6bc8ef7808690023d10337d435460ff16569 221044 unbound-host_1.22.0-2+deb13u3_riscv64.deb
 80d1a849451db73615fa3d8d2c430fed5c2480e3 10394 unbound_1.22.0-2+deb13u3_riscv64-buildd.buildinfo
 8690d1edf8c723838e6f4310035e83e16f912ea2 1045472 unbound_1.22.0-2+deb13u3_riscv64.deb
Checksums-Sha256:
 08cc0876f70dd95e99f3d94c707589aa1177e920c44dd37422ca1b22853312c0 1410196 libunbound-dev_1.22.0-2+deb13u3_riscv64.deb
 45cba78f566555181610ff41cf49907e7a656291444ee909ef9d4f7c811c2631 1295952 libunbound8-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 f5bf7b5fdef0a44ac1ab7d550894edf4b28341b6fd79c2ca709956a7600cf67b 606696 libunbound8_1.22.0-2+deb13u3_riscv64.deb
 43867f1c9d77de02299f45b2b7aaf9ff0bfa3f3653dcf38d405ff77f5bdee907 146532 python3-unbound-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 81a19966e7a2e169ecceec2fd5bb9b7d5702ae0e46ee2b6ea075ad0a2a590c2e 221344 python3-unbound_1.22.0-2+deb13u3_riscv64.deb
 bac94ac5f2d8e5bce665f62106c8800b4c8a851787421223a96afce441c59030 56892 unbound-anchor-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 1262fc1c45a18a45b91921a93d632c878d1047c863e7335e0ff44aac51cb4908 195248 unbound-anchor_1.22.0-2+deb13u3_riscv64.deb
 9c29aeac036fd2573bd24cf5f24781e61b7cd109643625e10bcce68031cfda62 5143584 unbound-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 177f3835801c84e76b82bf3304a5151b62800a8b3e30d358fc8c3fd46a10d5d3 128396 unbound-host-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 433597c3b1a8144381190490f1df579f5c65d347500c126972ad92a1747b01cb 221044 unbound-host_1.22.0-2+deb13u3_riscv64.deb
 a07faf02bedabca4d5a704e50d0edee2ca4a70311ebab2732422a93e7db87358 10394 unbound_1.22.0-2+deb13u3_riscv64-buildd.buildinfo
 094ddc0cec3f188ff93dae0d04a0ba373d9969698a06b01e46f7a8f1c2eaec02 1045472 unbound_1.22.0-2+deb13u3_riscv64.deb
Files:
 5f5ee356706ff57b006ad610bc29f1fb 1410196 libdevel optional libunbound-dev_1.22.0-2+deb13u3_riscv64.deb
 0fbc9cc5bab05eebf4aa7e9a448f5dca 1295952 debug optional libunbound8-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 f40675158c30be69cb65836009f2f7d1 606696 libs optional libunbound8_1.22.0-2+deb13u3_riscv64.deb
 784fd9f0c3531f8b09a794c575012b5a 146532 debug optional python3-unbound-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 aebedb47d87d039a68be4eb6f74eef13 221344 python optional python3-unbound_1.22.0-2+deb13u3_riscv64.deb
 2b0ce1fcf274dfb8bf7bb857579fb52e 56892 debug optional unbound-anchor-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 a10e1d93c4384dce761144355e6a850c 195248 net optional unbound-anchor_1.22.0-2+deb13u3_riscv64.deb
 e9a146960a0976e8cab0504522d81c13 5143584 debug optional unbound-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 fd9d28e94aab27978635fa2f736401ef 128396 debug optional unbound-host-dbgsym_1.22.0-2+deb13u3_riscv64.deb
 52c53cc8d68962348819fbd246f4e0f3 221044 net optional unbound-host_1.22.0-2+deb13u3_riscv64.deb
 606db469d8eda5f850899d1921e4283b 10394 net optional unbound_1.22.0-2+deb13u3_riscv64-buildd.buildinfo
 f679f21d52aaf572cca83b68192a9242 1045472 net optional unbound_1.22.0-2+deb13u3_riscv64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpWtAFYomK/29mcYCqTndZcwOQoMFAmoVn90ACgkQqTndZcwO
QoOeiQ//Uh4lwz2HH2JOHDpk4tjdoNcgiJhuERSJ/egyMvAUD9ugn/1WYczsd4ON
j41gXzC/PSZrbChA8bvgFKfwkMH+l0AZHDRBfenFmo4Qr4CKPoRhS+4wvss3J/o+
iRcHkenNfBtrrvcnOZpf2AFUqBVlHIQBpf9qjJGdBBq/hnwkH7xkX6e189N2vOzf
CNlOfkeIRsiYpNlWQ6ju9fy7jOWUMfl7OiJ4Dz4Qhp5eX9A55zCGc41ypALyXara
PmsB7De7GbZX75GtYX0S2CnwgX3w0agWOXrXAESU9bewruSVNWiEZEYSXWe4Dy0U
sKXMeOaCDJEJpvGxoTcnkyRsh59o0VSIe9yUJSQxJwRsQnbNf2O9gYpPaofUPrqY
KBbogusWHaCAhOUZhlnWFf8adUJZCYBXtz3k9lY/6NjeRQtVHQsK/G9bXXFbMd6o
7HqOzKCzxBazcnqYql43KkyeqrW11GKSGFr/5YV9a2HFdqFX5bmSIw7ytaIH70q6
9gp9GlTYGdwKqi/N2cphuKtL8HyWEmfR8feUhfBxjWE/bZg6scDt0G7cR4HLWqS5
+gXWW7BQJwIAMVB2LIbhnl4xD26+CUXTrbROzFdQpFZ2Z2rKFdyaNGIViO4MYos0
TCurBkg3SUJnCHIsSxXeu7uotc2tN20s8k72WQqIbxKHe9U8klY=
=x9Mv
-----END PGP SIGNATURE-----