Format: 1.8
Date: Sun, 30 Nov 2025 13:33:55 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: amd64
Version: 1.17.1-2+deb12u4
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Michael Tokarev
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1100870 1121446
Changes:
 unbound (1.17.1-2+deb12u4) bookworm; urgency=medium
 .
   * CVE-2024-33655.patch: remove unrelated change
     testdata/fwd_udptmout.tdir/fwd_udptmout.conf is not modified
     by the upstream commit in question (c3206f4568f6)
   * fix-823-Response-change-to-NODATA-for-some-ANY-queries.patch
     Fixes: https://github.com/NLnetLabs/unbound/issues/823
   * fix-not-following-cleared-RD-flags-amplification.patch
     fix potential amplification DDoS attacks
   * replace combined CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch
     with 2 separate upstream commits, add patch descriptions,
     and add missing changes for testdata files:
      o CVE-2023-50387-DNSSEC-verification-complexity.patch
      o CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch
   * 3 changes to fix CVE-2025-11411 (possible domain hijacking attack):
      o 1-iterator-iter_scrub.c-pass-module_env-parameter-to-s.patch
        (a change from "Add harden-unknown-additional option" upstream patch)
      o 2-possible-domain-hijacking-attack.patch
      o 3-additional-fix-for-possible-domain-hijacking.patch
     (Closes: #1121446)
   * fix-595-unbound-anchor-cannot-deal-with-full-disk.patch
     Fixes: https://github.com/NLnetLabs/unbound/issues/595
     (Closes: #1100870)
   * d/gbp.conf: set default branch to debian/bookworm