-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 12:05:38 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: armhf
Version: 1.22.0-2+deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: armhf Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1137187
Changes:
 unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium
 .
   * May-2026 security updates in debian/patches/26-05/ subdir:
     01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch
       this change was part of 1.25 release, it is a slight change in behaviour
       implemented after 1.22.0 release.  This change is not necessary for the
       security update, but it makes subsequent changes in this area to apply.
     02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch
     03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch
     04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch
     05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch
     06-CVE-2026-40622-Ghost-domain-name-variant.patch
        (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22)
     07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch
     08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch
     09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch
     10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch
     11-CVE-2026-44390-Unbounded-name-compression.patch
     12-CVE-2026-44608-UAF-in-RPZ-code.patch
     13-Unit-test-for-CVE-2026-33278.patch
     14-Unit-test-for-CVE-2026-42944.patch
     15-Unit-test-for-CVE-2026-42959.patch
     16-Unit-test-for-CVE-2026-40622.patch
     17-Unit-test-for-CVE-2026-42960.patch
     (Closes: #1137187)
Checksums-Sha1:
 74bb17db4e254aa427fdc58a456a11e8c7a46060 639052 libunbound-dev_1.22.0-2+deb13u3_armhf.deb
 8d147ef687d5b14243d735f19cce62bf5b2fd00a 1327108 libunbound8-dbgsym_1.22.0-2+deb13u3_armhf.deb
 2a3fc185d2a0bbbce62db29f7ea013d9b3d6ddc8 540504 libunbound8_1.22.0-2+deb13u3_armhf.deb
 42400db8de197c1e09e1a6a88169a5f35f5f7c44 176632 python3-unbound-dbgsym_1.22.0-2+deb13u3_armhf.deb
 f15f8c0fc3c0a714517bb19c41407551f8bd7c5f 217644 python3-unbound_1.22.0-2+deb13u3_armhf.deb
 5646590150aa1f5e6ad6632c93b87f5b1142453a 59384 unbound-anchor-dbgsym_1.22.0-2+deb13u3_armhf.deb
 2e0e3209f3f1d19f08d8b1da8251a7f53a915de0 193344 unbound-anchor_1.22.0-2+deb13u3_armhf.deb
 535830c793cbc688b23bd1c49fb61f07eb9d4782 4970924 unbound-dbgsym_1.22.0-2+deb13u3_armhf.deb
 eee7a9bafabc60b8e4e18ebf83192009bf9ca1a6 132624 unbound-host-dbgsym_1.22.0-2+deb13u3_armhf.deb
 78bebe70727cee63446ce627259d254bb72db858 210196 unbound-host_1.22.0-2+deb13u3_armhf.deb
 ce7b7cb367825b78ba542cbaea6e6467fcc97b6a 10256 unbound_1.22.0-2+deb13u3_armhf-buildd.buildinfo
 9a67ba7db72b43313212f84aeccfc4c238126f61 893052 unbound_1.22.0-2+deb13u3_armhf.deb
Checksums-Sha256:
 f61aef28709621a3c63a3965e1aa05bcd38438f91b60a8f258190d5dd3f3fecd 639052 libunbound-dev_1.22.0-2+deb13u3_armhf.deb
 e3888e4a5c06f83b0f623872ba8509bbc51fa3ea4274fdd51a4fe107017ef61e 1327108 libunbound8-dbgsym_1.22.0-2+deb13u3_armhf.deb
 c4ad8d716ccfc64afccac5b2013d54e007630915f5a63c9e8fd671104889e02e 540504 libunbound8_1.22.0-2+deb13u3_armhf.deb
 e40a1ebe14a2028de6b2d194c4e90383b63fcae1ce0d1d95ab6426b65c4eb678 176632 python3-unbound-dbgsym_1.22.0-2+deb13u3_armhf.deb
 cdc60d846d90dbaebb89a52639732588f6692f76a8885d94a7e156bf9673243e 217644 python3-unbound_1.22.0-2+deb13u3_armhf.deb
 10fe26b7c2de029ae85b0499fa47e61b4f16b075a84e57741ba03c09815104a5 59384 unbound-anchor-dbgsym_1.22.0-2+deb13u3_armhf.deb
 6bb5f4bbd05da9cfcbfe5bbf3e961619dcb656d9d6d4bee376b812217e714bf5 193344 unbound-anchor_1.22.0-2+deb13u3_armhf.deb
 89f4e9fd52bc035e3afbe6e319f38290ecf5e87770428064caaa547c4cf83e5c 4970924 unbound-dbgsym_1.22.0-2+deb13u3_armhf.deb
 5ba8f2a53111e31d5796ed98ed8599209ffa1e7736ba032d080edfae770a472a 132624 unbound-host-dbgsym_1.22.0-2+deb13u3_armhf.deb
 92f5c2ae1d474fe7cd5ee8b6c267fc9f0f48b707b8478e9ee55e1eb3a73012a3 210196 unbound-host_1.22.0-2+deb13u3_armhf.deb
 aa1f3cd242999cd9500972075699b53a61411f5570cdadef2641ffc4e7d6503f 10256 unbound_1.22.0-2+deb13u3_armhf-buildd.buildinfo
 b1521547f38c6463f5aa33642d4d0a5ed2f9b4c005786f46ae947aba416ea9dd 893052 unbound_1.22.0-2+deb13u3_armhf.deb
Files:
 de15b486faa655e95ea79a857c29a6a1 639052 libdevel optional libunbound-dev_1.22.0-2+deb13u3_armhf.deb
 80862aedc197ff7a374e121806d79bee 1327108 debug optional libunbound8-dbgsym_1.22.0-2+deb13u3_armhf.deb
 41e0cf7a12e5b886596de562113f5482 540504 libs optional libunbound8_1.22.0-2+deb13u3_armhf.deb
 4e7b3186e6e7413742fce73c9b201f63 176632 debug optional python3-unbound-dbgsym_1.22.0-2+deb13u3_armhf.deb
 afcaa448f034a6e739709c4d08f05060 217644 python optional python3-unbound_1.22.0-2+deb13u3_armhf.deb
 1a2c28a72c220649f5a07ff3dfe927f4 59384 debug optional unbound-anchor-dbgsym_1.22.0-2+deb13u3_armhf.deb
 dc1c2ef23e27b1c130e0e52ddc0a461b 193344 net optional unbound-anchor_1.22.0-2+deb13u3_armhf.deb
 9aae4fca3ef55232f6d0f42bc2918c13 4970924 debug optional unbound-dbgsym_1.22.0-2+deb13u3_armhf.deb
 d954bf61b344b7c60c511258b35a19ba 132624 debug optional unbound-host-dbgsym_1.22.0-2+deb13u3_armhf.deb
 971eb4f536a4a9a16660e7fd322ca472 210196 net optional unbound-host_1.22.0-2+deb13u3_armhf.deb
 439af7049ebbf9e3ae378787d55137fc 10256 net optional unbound_1.22.0-2+deb13u3_armhf-buildd.buildinfo
 7da5788451856fa185cc5024e1407b92 893052 net optional unbound_1.22.0-2+deb13u3_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmoVltwACgkQ8U6eOZMp
j69ijRAAvrr/tffoAYoiKiqQ9ja1Z1oLIOS+ElVWjpw320NWYYD78WpCH0LsH7uD
wnz1wX3gDEh1UhtoH/djiwihZZ6xMWSG9jivhhTkm/6/jmV03rNdgLMS+j6tvCwW
xH1X8V+MGLe4++rLFnA7PU+yAQwdiVUhJsZE2FVQhTUvLppjLBPz0CAvPxF8+dp2
PuF+zx4/6lHnTbxxVa1UIg7b6RZfPCJxsJhxbY4n44kCMFogk9cGKccXQ6V8oZeC
fAJIR8GmtlhlQEvE3thjCX0yHwyYnrofQl1qcVz4Pk9t7C04581P0hZDAervYlaO
UrqbRhbO9QxbbjariXYuDA4f4IkagUkpfn2t5R6vHZZu3JMucokWkxYumFe59Ki6
TPLp+ezAc2mexVUGOaIY48eEmJO+7/AddAqGSgfsqu5jAKQVSewhp6+ZPkBQG9BJ
Wm3i9gHTCkrQQl3n6lRRCqf2NCV5Ychlx0NXuTR1IauUWa1CSmZj9gQs5ag9mkcS
D+P6Ko/SHZvubhV9VUs+cxxJMlt0EWo+GU1yGQsoJgdENrap6WLEz3q/EFz+fnOx
9Dt2K6ZuEQp7ur/bxhd7MIG/3oZh3FFBFSl1gbDiV8SKKHOOJfOHKC+D4s+noCVY
XT6oWxjz3PX8pUciIkZU3F6oIvmgd4GjGAIwB9LqxEztOJkyqGc=
=+Foj
-----END PGP SIGNATURE-----