-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 30 Nov 2025 13:33:55 +0300 Source: unbound Architecture: source Version: 1.17.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: unbound packagers Changed-By: Michael Tokarev Closes: 1100870 1121446 Changes: unbound (1.17.1-2+deb12u4) bookworm; urgency=medium . * CVE-2024-33655.patch: remove unrelated change testdata/fwd_udptmout.tdir/fwd_udptmout.conf is not modified by the upstream commit in question (c3206f4568f6) * fix-823-Response-change-to-NODATA-for-some-ANY-queries.patch Fixes: https://github.com/NLnetLabs/unbound/issues/823 * fix-not-following-cleared-RD-flags-amplification.patch fix potential amplification DDoS attacks * replace combined CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch with 2 separate upstream commits, add patch descriptions, and add missing changes for testdata files: o CVE-2023-50387-DNSSEC-verification-complexity.patch o CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch * 3 changes to fix CVE-2025-11411 (possible domain hijacking attack): o 1-iterator-iter_scrub.c-pass-module_env-parameter-to-s.patch (a change from "Add harden-unknown-additional option" upstream patch) o 2-possible-domain-hijacking-attack.patch o 3-additional-fix-for-possible-domain-hijacking.patch (Closes: #1121446) * fix-595-unbound-anchor-cannot-deal-with-full-disk.patch Fixes: https://github.com/NLnetLabs/unbound/issues/595 (Closes: #1100870) * d/gbp.conf: set default branch to debian/bookworm Checksums-Sha1: 3615ab581f792e3f3f2cb91a90e99d0bf171467e 3298 unbound_1.17.1-2+deb12u4.dsc 90da3bb8883931e30384057722dd9d1df4286f46 6244773 unbound_1.17.1.orig.tar.gz 6b754d1c792a1f6d01d6706a75777b87d434b134 833 unbound_1.17.1.orig.tar.gz.asc 1b61b719cc446bc895bba26aa93fc4503fe9e576 75016 unbound_1.17.1-2+deb12u4.debian.tar.xz c63703eae1e77b81d8db82ac11f4aea41b3a054c 6658 unbound_1.17.1-2+deb12u4_source.buildinfo Checksums-Sha256: 7833b82f7a888354c672dd743c19551325cb745e9a70793e90f4c9493ebaa065 3298 unbound_1.17.1-2+deb12u4.dsc ee4085cecce12584e600f3d814a28fa822dfaacec1f94c84bfd67f8a5571a5f4 6244773 unbound_1.17.1.orig.tar.gz b66a35d11545a1334b8aec1848c8c7ee0e01ef4a2950f2260a7c26b6fd61bfbf 833 unbound_1.17.1.orig.tar.gz.asc b756330de8dd715ac8305bf36be0b0cc93a11703d2c542b4a320dcf1e71b229a 75016 unbound_1.17.1-2+deb12u4.debian.tar.xz 7c60674027288634b8388a16c4c53a2dbe5bc9759bfbf6b6c53ef6bf8a53e7e7 6658 unbound_1.17.1-2+deb12u4_source.buildinfo Files: ea3d7497fcb20e41b0af248025e95d2f 3298 net optional unbound_1.17.1-2+deb12u4.dsc bb96df2dc579c11ada537dbc52781abc 6244773 net optional unbound_1.17.1.orig.tar.gz 8a6399230741197bdd17cc7e7686fe31 833 net optional unbound_1.17.1.orig.tar.gz.asc 8b02cb5a8cf64bb6bce878aacaf9788c 75016 net optional unbound_1.17.1-2+deb12u4.debian.tar.xz 3d26fe2d017082b62013a401d61935be 6658 net optional unbound_1.17.1-2+deb12u4_source.buildinfo -----BEGIN PGP SIGNATURE----- wsG7BAEBCgBvBYJpNFlxCRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmeRYmJ3Ep1b38tfla7G/TJZqb65bORHq3eUUX5zowq7 YBYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AADMsg//QtN0M5U6NU2t3TeTeZVcAICW z784PDluPJ5yq2VnSTl10rTrZYLLgEdrbnKPNr31u7LLX6Tg20fgQwZoOCeJI1OH PYUV5/7ImzoKED7F5+XrbS3zkVG8/6nUVQuzqZjcep51DlPOAMynmV0PQvmFCisD y5H13oxE6ZODYCf5nsl/3dXpMNg2cQZH+7uA6UQ5OFSmxlK8UdLBJxfqyiOWg4Vm lDrc7nOemsri6AZLymI7BWS0XAUaXkmUTB8S0RCVB+pUJKw//Dba9d4+ywqXmA0i IVO6GJWHVd4RjAAoW64Q4DInMszvGIEQ//RcxLzM6aBBW1XuV9kgW8RFQp5lREz/ PxBEQ0xHprGd7iv4T4DgeZ35wjPD/Y0HwOkRO+S1D2l8DQLPq8k/HhmimuVV9qey YPMv16mZLE0L0yrhITTz3emCs3Q/Oc+Abx+rLNGnG5qJpT8MrmYwp4BFAd6gz9VN gmhZ1FHzhZ9BdBqg5wvUUlw9K7NVXoUYojicjjDYJPmxlqBLwytGa2YKFzDhPuQY b4Ys4f5HJ7hMJjVg2nXRXovrqxdwXJHU9W27M85vp5Yz7svUQXboBrx00yx7SMVN oLUUgC7OoHZYlSyLVMb7ubBJayKhY/VbeohZw2BqZAxI/qwQsuxHfwdWpTbwrEa/ pM/VnvqTlycM2bguJXk= =YJ5A -----END PGP SIGNATURE-----