-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 12:05:38 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: s390x
Version: 1.22.0-2+deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: s390x Build Daemon (ziehrer) <buildd_s390x-ziehrer@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1137187
Changes:
 unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium
 .
   * May-2026 security updates in debian/patches/26-05/ subdir:
     01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch
       this change was part of 1.25 release, it is a slight change in behaviour
       implemented after 1.22.0 release.  This change is not necessary for the
       security update, but it makes subsequent changes in this area to apply.
     02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch
     03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch
     04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch
     05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch
     06-CVE-2026-40622-Ghost-domain-name-variant.patch
        (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22)
     07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch
     08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch
     09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch
     10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch
     11-CVE-2026-44390-Unbounded-name-compression.patch
     12-CVE-2026-44608-UAF-in-RPZ-code.patch
     13-Unit-test-for-CVE-2026-33278.patch
     14-Unit-test-for-CVE-2026-42944.patch
     15-Unit-test-for-CVE-2026-42959.patch
     16-Unit-test-for-CVE-2026-40622.patch
     17-Unit-test-for-CVE-2026-42960.patch
     (Closes: #1137187)
Checksums-Sha1:
 989e0665033de0a849f8541e61ee46c18b28b186 668992 libunbound-dev_1.22.0-2+deb13u3_s390x.deb
 a0f948a9c34cfcd26f935c21be88c58569c6da00 1335376 libunbound8-dbgsym_1.22.0-2+deb13u3_s390x.deb
 afdad6e26cbe4794d3602191628a6d0d92f79b4a 572892 libunbound8_1.22.0-2+deb13u3_s390x.deb
 c215f8ada82b31f222fe901f7ad4df15a16dfcd3 159816 python3-unbound-dbgsym_1.22.0-2+deb13u3_s390x.deb
 95b519d6a9f07b5a055c6bbd5a8e428097c474d4 218812 python3-unbound_1.22.0-2+deb13u3_s390x.deb
 779282dc6a5a6e095ac7e7933d090f8371e7083e 59588 unbound-anchor-dbgsym_1.22.0-2+deb13u3_s390x.deb
 4ef0d1df94b356a867c790e183ad2fceff27e72f 195016 unbound-anchor_1.22.0-2+deb13u3_s390x.deb
 68ce2997bd328d86a99d88640810e847fd049422 4840952 unbound-dbgsym_1.22.0-2+deb13u3_s390x.deb
 20f12b299f3a8f7ed6de5f63e81f065586d04a53 135340 unbound-host-dbgsym_1.22.0-2+deb13u3_s390x.deb
 0b13ba282ad5f538202062026cea8fb864b55d5d 217492 unbound-host_1.22.0-2+deb13u3_s390x.deb
 ca9d71d856c93a91edfb1e5d936f54375ea217bd 10252 unbound_1.22.0-2+deb13u3_s390x-buildd.buildinfo
 2738503695639d3204dde2e419d0aae1b33493e0 975920 unbound_1.22.0-2+deb13u3_s390x.deb
Checksums-Sha256:
 9198023d2e994ac9b5ae7ee60908340c938d13655f5d0d4318d8abc400d3ca0a 668992 libunbound-dev_1.22.0-2+deb13u3_s390x.deb
 7db0942dbf15c9b737189567f894e1ba56d98604166d370a30328d195b8ab4b5 1335376 libunbound8-dbgsym_1.22.0-2+deb13u3_s390x.deb
 67a0a42fb6b626b39b02f78f853a8bc3c4008b714b0453c60c6d3adec98d94e3 572892 libunbound8_1.22.0-2+deb13u3_s390x.deb
 75438b0f40dccc1c676be6899cddee4f0c3fe0d28b9762cb2b15f50f7c686c95 159816 python3-unbound-dbgsym_1.22.0-2+deb13u3_s390x.deb
 d4022041a8d511ab321da49683cd76ac8d315582fee7e89745d5f0d131d02b0f 218812 python3-unbound_1.22.0-2+deb13u3_s390x.deb
 1c8e5d70d28a349c32b1d634c87fe3e299887d889469889ee2461d3d9b1ea2a1 59588 unbound-anchor-dbgsym_1.22.0-2+deb13u3_s390x.deb
 eeb53c90dcee5cb3e2e019368a5157d0ca2b84afd3f9acffc72f8f28ec1f4857 195016 unbound-anchor_1.22.0-2+deb13u3_s390x.deb
 b3a113d717a0dd7d8f97d97bc866189224aef7ff15f33517652f6c5e32b92e51 4840952 unbound-dbgsym_1.22.0-2+deb13u3_s390x.deb
 cf6b23fd9a38bca2bc5ac4d7b11621ff5b893726a94bbb3d9c5f426b9fca56b6 135340 unbound-host-dbgsym_1.22.0-2+deb13u3_s390x.deb
 3e2101f4b0b1af6192c8b1d5e3785fb29ed3af0599b0e821e80be017967e3c18 217492 unbound-host_1.22.0-2+deb13u3_s390x.deb
 345f576599bc6f69444cd5d20d2c89ca77887da3f27083d1453338f9d3f017e4 10252 unbound_1.22.0-2+deb13u3_s390x-buildd.buildinfo
 f9914b58a6cf0b1a7bb7b09baa4c1bf2b68ca8b1fbc94104fa4abf273ace3ede 975920 unbound_1.22.0-2+deb13u3_s390x.deb
Files:
 38391c012ec6a207e8f5e841d73f9ac7 668992 libdevel optional libunbound-dev_1.22.0-2+deb13u3_s390x.deb
 8f50764edd31467a4ae2cc494acc3526 1335376 debug optional libunbound8-dbgsym_1.22.0-2+deb13u3_s390x.deb
 f713c98271786cc93ba481f406d74c4c 572892 libs optional libunbound8_1.22.0-2+deb13u3_s390x.deb
 c3b811e3e16bfe9b4a040a8e0c7602d7 159816 debug optional python3-unbound-dbgsym_1.22.0-2+deb13u3_s390x.deb
 a0e64b7c896025a7ff8c5fd875952ffc 218812 python optional python3-unbound_1.22.0-2+deb13u3_s390x.deb
 0423bf4de16da169ccd62c0b9751dc15 59588 debug optional unbound-anchor-dbgsym_1.22.0-2+deb13u3_s390x.deb
 61061f5e713086bb8b802a671d552d74 195016 net optional unbound-anchor_1.22.0-2+deb13u3_s390x.deb
 0b388a8035ff61009d6d5a31bc1df435 4840952 debug optional unbound-dbgsym_1.22.0-2+deb13u3_s390x.deb
 169bd7d2046a71a5940ce80ee1f8d94f 135340 debug optional unbound-host-dbgsym_1.22.0-2+deb13u3_s390x.deb
 79c2eff9968615e75a082c22e8a84af9 217492 net optional unbound-host_1.22.0-2+deb13u3_s390x.deb
 7ba0ab5c241fe948faac31f11f4bf907 10252 net optional unbound_1.22.0-2+deb13u3_s390x-buildd.buildinfo
 e051174474925582e5592cf0b77fe5c8 975920 net optional unbound_1.22.0-2+deb13u3_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEl0BM/nR+Oj597wRWMWUFebkHnoQFAmoVlnkACgkQMWUFebkH
noS6SA//WdUgIYoXpHvkzsClC1dB9U45mKmotJJ+qHABKaVizbrot3oW5YeXdOjm
DVb0FRbt43ulk2ixRgdoSySw5WzaYoPkukniI9oq0nnWLR0Fq/YFoihIK7Q7CKY/
rY4MBdpsdpvmF7erXOeuqvaCgNNl1Be+ral2OigLf5aU57X6goyfsmsQIo/ylCGo
C6VdzLmVvmgjBGoxB0LAvL1XRJNgQtb39Ayxp/6B2CSsqf/oYXcH2Yb4ETQhKPrg
fb6gfm5G6E7kT4fdLJNp0W2VCaHzhDjg/yilTrDPdN7ucyuW4BcFI3IE1VGjxYUc
Mx9l5QCFD0Ss+eIl1dMtQfPFzZiJTwXVnJbeDCfPQ2qHabSCHbhc0ROQwUJAgVpP
elOM+0IhpgMdfmXHbA7aMOmL8Qxt8khpI1JiEaH0CEIYj9rOdgP0kgZy50xdATc+
eLUipXXojVMR8X6rhm5/t6Op9A+By/AX8Zt3pH00hdcJQNctF0ypGv4UJQdh75iR
+YEffyMjEPkeH3qjnNh+WtThwuApaUnbcFmTbl1QiF6hGtB6TkHv0KZMeq5YHs7G
/VLdmsl/hdceb+wRjNyMp2UVOnvHvw/w6NIX3NE9cCYPhoI8Z62rFYIV3giieczm
y235ljouuRFVggw89Q7lM2VSbQ7JjtRFiIC/ecDdUlxsmjblnoI=
=8PVU
-----END PGP SIGNATURE-----