-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 12:05:38 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: arm64
Version: 1.22.0-2+deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: arm64 Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1137187
Changes:
 unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium
 .
   * May-2026 security updates in debian/patches/26-05/ subdir:
     01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch
       this change was part of 1.25 release, it is a slight change in behaviour
       implemented after 1.22.0 release.  This change is not necessary for the
       security update, but it makes subsequent changes in this area to apply.
     02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch
     03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch
     04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch
     05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch
     06-CVE-2026-40622-Ghost-domain-name-variant.patch
        (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22)
     07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch
     08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch
     09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch
     10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch
     11-CVE-2026-44390-Unbounded-name-compression.patch
     12-CVE-2026-44608-UAF-in-RPZ-code.patch
     13-Unit-test-for-CVE-2026-33278.patch
     14-Unit-test-for-CVE-2026-42944.patch
     15-Unit-test-for-CVE-2026-42959.patch
     16-Unit-test-for-CVE-2026-40622.patch
     17-Unit-test-for-CVE-2026-42960.patch
     (Closes: #1137187)
Checksums-Sha1:
 e03fc5a4f0f8a071991204fd26ef8d937c24820e 669384 libunbound-dev_1.22.0-2+deb13u3_arm64.deb
 4f88b09fbfe3df576085ade66a5d76873d1370a7 1340808 libunbound8-dbgsym_1.22.0-2+deb13u3_arm64.deb
 4a3390b3c79480635f87ecb6ab31af2c8000104d 556128 libunbound8_1.22.0-2+deb13u3_arm64.deb
 c01e0a09f3191893eb7e0d740048d6b873372167 163164 python3-unbound-dbgsym_1.22.0-2+deb13u3_arm64.deb
 817e1361750ec9bcf49292b9ee2174bc0f6231b3 219332 python3-unbound_1.22.0-2+deb13u3_arm64.deb
 f4753489412c52ab6ca2701ce5c6cd2cffadeefc 59284 unbound-anchor-dbgsym_1.22.0-2+deb13u3_arm64.deb
 24cc43e6b750542a2dfe72535bcc9c94f6f7148d 194480 unbound-anchor_1.22.0-2+deb13u3_arm64.deb
 2aa6f4f6097486fd2397948a961076953a2d6ca4 5425360 unbound-dbgsym_1.22.0-2+deb13u3_arm64.deb
 8747ce2255b4467775609bfa5116a479c57ce150 132460 unbound-host-dbgsym_1.22.0-2+deb13u3_arm64.deb
 0bd38ee20a727dbf566ce70246115a7ff0397d03 216136 unbound-host_1.22.0-2+deb13u3_arm64.deb
 01aa7b6ecf96162a3d7654f49e5022b7653de165 10374 unbound_1.22.0-2+deb13u3_arm64-buildd.buildinfo
 ec269fdf1d8a0753bed6a1eda92f782bb9b9e5b9 968180 unbound_1.22.0-2+deb13u3_arm64.deb
Checksums-Sha256:
 225058fed20516bdf65d48ceb830c18f4c6f47aa940f032eb5dc4b8a1d12c899 669384 libunbound-dev_1.22.0-2+deb13u3_arm64.deb
 d5f0c9711dea906bac092be4e68ce5a7dd2c042e720dbb2620eeca22c9b9691f 1340808 libunbound8-dbgsym_1.22.0-2+deb13u3_arm64.deb
 8b173b9fceffe7195084dc6d9eb93d8efb0866f8cfd565f0c5f376896ebc84fa 556128 libunbound8_1.22.0-2+deb13u3_arm64.deb
 b1370bad1aea6d84b17bf642221407a35ded367e360c1a2f153c11dff0763609 163164 python3-unbound-dbgsym_1.22.0-2+deb13u3_arm64.deb
 a0b85820223303994cedcfe54cd4b14a3e6d9fc9d7a83de2b98eb5ab62724bdd 219332 python3-unbound_1.22.0-2+deb13u3_arm64.deb
 392ec914e368e962ccbcf926bb86dce47b75049a2a51a3e53c8c5ba2066c4e6f 59284 unbound-anchor-dbgsym_1.22.0-2+deb13u3_arm64.deb
 e3ab86912e1caf3f05ef12048dad1c8ce805a1bb8c89291809e3ee9f03b0d75a 194480 unbound-anchor_1.22.0-2+deb13u3_arm64.deb
 9eec1ef15acb795a1e1eec971145f0879eba0a3bff0cb6ee5964ca950f7f34d6 5425360 unbound-dbgsym_1.22.0-2+deb13u3_arm64.deb
 edddf8a00bd1125c0ccd5484e3136428246a945b0fdfdd310b2e2e06e73fb25d 132460 unbound-host-dbgsym_1.22.0-2+deb13u3_arm64.deb
 b1a01c4fa1b483c89052b02f5c637f12129bd851e1a3f53e07ea3987f204080a 216136 unbound-host_1.22.0-2+deb13u3_arm64.deb
 eefac03e67dd9aed7d51c274114d2e79e984d92ca2cccc1af7c85a7c0aace420 10374 unbound_1.22.0-2+deb13u3_arm64-buildd.buildinfo
 75e99348ad28af5ecebc58572f7df7a277ad2c453ba34ebf955ba4fdd7e7da4e 968180 unbound_1.22.0-2+deb13u3_arm64.deb
Files:
 9ee77d1b88bebc3296346daa35bd40c7 669384 libdevel optional libunbound-dev_1.22.0-2+deb13u3_arm64.deb
 c6f889f9204d7838ead15d4ad2b2de8e 1340808 debug optional libunbound8-dbgsym_1.22.0-2+deb13u3_arm64.deb
 39cc63fb456cf5c52bbed420c2b580e0 556128 libs optional libunbound8_1.22.0-2+deb13u3_arm64.deb
 65929c67a9ff245635ba7240239a812e 163164 debug optional python3-unbound-dbgsym_1.22.0-2+deb13u3_arm64.deb
 f19a9bf0abe61a4bfd908224bad217d2 219332 python optional python3-unbound_1.22.0-2+deb13u3_arm64.deb
 bb240f213688fb276ccb7abb2bb27ee6 59284 debug optional unbound-anchor-dbgsym_1.22.0-2+deb13u3_arm64.deb
 5b002bd3a206b404ebfbcf9d092d2857 194480 net optional unbound-anchor_1.22.0-2+deb13u3_arm64.deb
 d0e153b97002ef3572879cecbc436a0c 5425360 debug optional unbound-dbgsym_1.22.0-2+deb13u3_arm64.deb
 5c2560f23e7901d20cd2e6e78936b24f 132460 debug optional unbound-host-dbgsym_1.22.0-2+deb13u3_arm64.deb
 274a465dd020a3727a37b5bd8bd5edd2 216136 net optional unbound-host_1.22.0-2+deb13u3_arm64.deb
 a3ad3ba49cbb8de52d0c4a11e1a407ce 10374 net optional unbound_1.22.0-2+deb13u3_arm64-buildd.buildinfo
 b10351f0f652c6eb42f13893e2d05209 968180 net optional unbound_1.22.0-2+deb13u3_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmoVlrsACgkQScpU3dYu
lLiOdw/+K2YRyf/xu3RLnzy30GWjrcunlcJZwMBJZV8mIXJkhKFiNVQgJ9UNJzBU
km/lKIlNBc7xPhrqf9wA0DLo6CdKL+q86rIoezQ8KlE5Sk10t5PxMCdS60JWzWP0
ISGxBj+UeQ2Cv2Suim2hLjH0PKPsYzqoYQearOxytrpOc3Z+EtmOrTNZmpHTZLpu
JAujcam2wp2jdYZJnrYtzKlBqlIAy5tI8uwXo9oENG/338l3f5rw5KnNxPOkDT2h
JMyaiETwOUQJ+wac2fAvZ/Iaa+lqa3N9Lucgp0UNsGI97EWag4wsOVZthc3u56ZA
KG5O2xPIQwKDI25gMDkIaSnwZsJrPRWH6V4M3xrZ2JmklcWMDis9dgLh62sk2V30
MkEFXln2NNkYkss0CUnOtqtUU430aTql6ecRtAdRimkt9L1nATwasCzyMof4KhCN
wqhxlGYMC2AMDAdoeyONRlHqmpUrdH45q1nSKQRZaBlPMv0fzCKHikLiCwjNpnzH
hMgJwhAI+L0M4DVWnZIjYlINLI+rZaUSryOXNR2K/ZonFgkJtMc6jkbnb31OSq4H
Ui3knyN1ANS9Jt7EqKY0tDVfvquFvepWklGjGMHX4wF2nFszoIbA+i5WIG8EhIpD
MvIi/ehr+4/GlW0VORpkWv+FISoO4VoduTb/O59EFYmZwzVDevo=
=7oLF
-----END PGP SIGNATURE-----