-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 12:05:38 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: amd64
Version: 1.22.0-2+deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1137187
Changes:
 unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium
 .
   * May-2026 security updates in debian/patches/26-05/ subdir:
     01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch
       this change was part of 1.25 release, it is a slight change in behaviour
       implemented after 1.22.0 release.  This change is not necessary for the
       security update, but it makes subsequent changes in this area to apply.
     02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch
     03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch
     04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch
     05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch
     06-CVE-2026-40622-Ghost-domain-name-variant.patch
        (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22)
     07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch
     08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch
     09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch
     10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch
     11-CVE-2026-44390-Unbounded-name-compression.patch
     12-CVE-2026-44608-UAF-in-RPZ-code.patch
     13-Unit-test-for-CVE-2026-33278.patch
     14-Unit-test-for-CVE-2026-42944.patch
     15-Unit-test-for-CVE-2026-42959.patch
     16-Unit-test-for-CVE-2026-40622.patch
     17-Unit-test-for-CVE-2026-42960.patch
     (Closes: #1137187)
Checksums-Sha1:
 8db18e1ff9d760e357120b30280f1f813e37f26c 686788 libunbound-dev_1.22.0-2+deb13u3_amd64.deb
 b9abd73a8513a39398bf0e44b61b928d9d82df07 1338880 libunbound8-dbgsym_1.22.0-2+deb13u3_amd64.deb
 a4f2f5b9d8c0868a58a897e71aaa617becafa7af 598784 libunbound8_1.22.0-2+deb13u3_amd64.deb
 81ca177e914f2eec850c5f5fe75416035fca0fe8 167904 python3-unbound-dbgsym_1.22.0-2+deb13u3_amd64.deb
 a2d14e6abb74b19045744bf729f674f8d42288c1 220500 python3-unbound_1.22.0-2+deb13u3_amd64.deb
 c12804dce38cd6cfc3205dc9f3fa5530ce38e4ac 59224 unbound-anchor-dbgsym_1.22.0-2+deb13u3_amd64.deb
 ed74a1f8fcab5ad841a4abc1454890d1cb01d45f 195352 unbound-anchor_1.22.0-2+deb13u3_amd64.deb
 940ed8e055010781ae8be16da79c7fd5b1188692 5473356 unbound-dbgsym_1.22.0-2+deb13u3_amd64.deb
 e27fd5581469efbdb5667baacf6b560f9f62ff9b 132924 unbound-host-dbgsym_1.22.0-2+deb13u3_amd64.deb
 655286f98d0f0d9cbf120c77767f7d0b4f6075ee 218552 unbound-host_1.22.0-2+deb13u3_amd64.deb
 1d926532e872715e8918484a26370258ee1e6e02 10393 unbound_1.22.0-2+deb13u3_amd64-buildd.buildinfo
 22b5fcfb350d8f1ff6f70ba36c436a41230168c8 1032008 unbound_1.22.0-2+deb13u3_amd64.deb
Checksums-Sha256:
 cd6694bb4e7735814711c85b178acefe5d06f5a2f32e11badcb026f9201d7147 686788 libunbound-dev_1.22.0-2+deb13u3_amd64.deb
 40d288324d15831b16863abfc390fc28a0fc0a9cbe1aea02c2da1bfb998dd4ed 1338880 libunbound8-dbgsym_1.22.0-2+deb13u3_amd64.deb
 39e4e5bc6f870bf8fd77e45b36588c76bf0a7f2ec1c8f9b4416b0aa662b1c521 598784 libunbound8_1.22.0-2+deb13u3_amd64.deb
 e00614f03eebb124e1225713b1a50f82136b1c4d4a7bf11f1cbb11ae512fbb3b 167904 python3-unbound-dbgsym_1.22.0-2+deb13u3_amd64.deb
 43801ed80e0090469078a35fdec77c650266b754de2c4f64a857eeb5d7ddcb58 220500 python3-unbound_1.22.0-2+deb13u3_amd64.deb
 5ad1b72f35d352f195de751db7c2c56c494edc3ba8f38144e1b35ae33ac3f38b 59224 unbound-anchor-dbgsym_1.22.0-2+deb13u3_amd64.deb
 8d837bff4de27535ca92035f454e0de79c00eed6122dbccda53ee1b0285e5b64 195352 unbound-anchor_1.22.0-2+deb13u3_amd64.deb
 abdb6d275950cff8e72db4cd7b726667d565b138ef7224265784fda0d30ae6aa 5473356 unbound-dbgsym_1.22.0-2+deb13u3_amd64.deb
 960a8dc670e5e3827c555cb0d6eee2bd8ab0d786f7571604bca23bb3de6e89b2 132924 unbound-host-dbgsym_1.22.0-2+deb13u3_amd64.deb
 b3ef668315e33fc31b1c589959d465e2073a683de068ddd78e9f616cc16e7457 218552 unbound-host_1.22.0-2+deb13u3_amd64.deb
 ee8435a211acb184c5b216a1b37c2eaef171ea092f69e837e86a42c0483a35fb 10393 unbound_1.22.0-2+deb13u3_amd64-buildd.buildinfo
 208ca5d559854680db1c52bfa6aaad153481ee508f557d64841a568571f70430 1032008 unbound_1.22.0-2+deb13u3_amd64.deb
Files:
 f7348219e3ef3b1091216a66281ea658 686788 libdevel optional libunbound-dev_1.22.0-2+deb13u3_amd64.deb
 938a42a23cf4ef2bd13c71249a0267b6 1338880 debug optional libunbound8-dbgsym_1.22.0-2+deb13u3_amd64.deb
 c773c243298811c6336756b8317e6fe3 598784 libs optional libunbound8_1.22.0-2+deb13u3_amd64.deb
 d3748e4b6f98b3c3c344ac00e1fd7fd9 167904 debug optional python3-unbound-dbgsym_1.22.0-2+deb13u3_amd64.deb
 1ca076357d7d3e7daf6c0499914cf43a 220500 python optional python3-unbound_1.22.0-2+deb13u3_amd64.deb
 68750baacbb1e05195b00daababa2c75 59224 debug optional unbound-anchor-dbgsym_1.22.0-2+deb13u3_amd64.deb
 5bfe878a3d8b34774050386262474a36 195352 net optional unbound-anchor_1.22.0-2+deb13u3_amd64.deb
 59fb809c8d6a1e55fd59d69c7ebb3481 5473356 debug optional unbound-dbgsym_1.22.0-2+deb13u3_amd64.deb
 fc84d3a6d60f8f3457af99621cc75ca3 132924 debug optional unbound-host-dbgsym_1.22.0-2+deb13u3_amd64.deb
 68ad9ae4e83511a3bc9ddd6678d25850 218552 net optional unbound-host_1.22.0-2+deb13u3_amd64.deb
 84e82e0fab9fdda0911a82596449d285 10393 net optional unbound_1.22.0-2+deb13u3_amd64-buildd.buildinfo
 317347d2a3ddf44deb8b12c411e528cd 1032008 net optional unbound_1.22.0-2+deb13u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmoVlqMACgkQN8Ugyu9d
QiSeOA//cSlri4lbpeDeMR1x8t34j/ex06cs6tT1SDxwmlP0taMWI7GwhvuFDUfO
ZsMF7/1u+Yiv9z7NRXg30dU00LDSXfu9GjAkShEDLq5XMh/0xrkTs/Ek8He7FOL+
hzIw7iW+u2jr95P48HwNCVjuKDcObH/p4I8YkvIv81FHC3BGjEWmRuCgOC8bTk2D
AOAWOUOpRqUhDoMIRgJR4JFWn9pZ9vAS6b8rJVHjjdi+PsNzgg/NwrFsRP2GwvnU
lLXaMMnYOD5fm/WOql4MMveMR4STmT46loq8Ua96z2r8AlfvVA8OH0SAPymoM42D
Jztk9eJQD8SVELalkqgATM6mcaLrlDUnPr534pag77MQL+k5+SZXtYS9pyGnz7M/
39aEY3dxD4JoTdSWBQOmYRDqnLIelwdtnD7E2rTNwG5YaKTp6gjeZa72a5f6c5xX
QvChJAxqlm4yTCwOTmAi1MBK2Yeqif4A9+4ANitAaAF7tnlWFwMCj9f6ZgmtatfT
heRR7fmae+sjCRDQ43uj+c8FqyXKk0r3+vrSFkWALHAwYbLM6oIYkZFihWzSzb9A
tU0paDQVHU2QlcPmj3wj+OXXMKlpmGNSg8n32oGYUx3+UQzCA0m7mDyBEO7uIPj8
Tcjbg5IRHxF+X16PUlMGWc63hp/hiEA/O2viDu/EmNCqPTEDu/c=
=6COV
-----END PGP SIGNATURE-----