-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 22 Oct 2025 18:00:33 +0200 Source: bind9 Architecture: source Version: 1:9.20.15-1~deb13u1 Distribution: trixie-security Urgency: high Maintainer: Debian DNS Team Changed-By: Ondřej Surý Changes: bind9 (1:9.20.15-1~deb13u1) trixie-security; urgency=high . * New upstream version 9.20.15 - [CVE-2025-8677]: DNSSEC validation fails if matching but invalid DNSKEY is found - [CVE-2025-40778]: Address various spoofing attacks. - [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number generator Checksums-Sha1: e2b9d8dc1b37e62b547f1bcbcc71f5a97c1d71a1 3197 bind9_9.20.15-1~deb13u1.dsc ec1cdd69dee34b0b3a3fc126146e26a172873110 5765964 bind9_9.20.15.orig.tar.xz 5c30cd697e5bc4bdafbc5e28296781dac1225dd4 833 bind9_9.20.15.orig.tar.xz.asc 3a12069874106e5d12d073fbff9398a8eeef2e7f 61900 bind9_9.20.15-1~deb13u1.debian.tar.xz d3cc415e56af487b90979f9b0d5d6c4bcd19668b 14746 bind9_9.20.15-1~deb13u1_amd64.buildinfo Checksums-Sha256: a327e32c45d6b72613a20a2a36edf6650f234735d1c9d1dc33f55544aa263a60 3197 bind9_9.20.15-1~deb13u1.dsc d62b38fae48ba83fca6181112d0c71018d8b0f2ce285dc79dc6a0367722ccabb 5765964 bind9_9.20.15.orig.tar.xz 2e9215f01c68734fd03b207dc1dd62fe32af79d02fe8182002529faaca6c9361 833 bind9_9.20.15.orig.tar.xz.asc ab95e35c4eb58cedf6fb3dece49ba2e4323a0cfd0ed6fc7ac03e1dfe5deec781 61900 bind9_9.20.15-1~deb13u1.debian.tar.xz 344e40e9175fb9e0b3076bb7559f9046b2bbeccea5166cd5ef80bce05c36d281 14746 bind9_9.20.15-1~deb13u1_amd64.buildinfo Files: 30bce310499febfd32e92f76c6d96536 3197 net optional bind9_9.20.15-1~deb13u1.dsc cb2486bdfed8959e58e36805c0f3e9f7 5765964 net optional bind9_9.20.15.orig.tar.xz 9c93fed4851f94156a17f993eb394590 833 net optional bind9_9.20.15.orig.tar.xz.asc 54277e1adce642564778cd84b77ca74c 61900 net optional bind9_9.20.15-1~deb13u1.debian.tar.xz 2d919656db6f49ae5f8d400b7d0f5d78 14746 net optional bind9_9.20.15-1~deb13u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmj5TTdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcIDiQ/7BoxrVHnrR9JbXCtE8hX7qz/iAqRFBW0eR1En0V8UVDAZCMhxsIGoodWG PxLlOM7i7Hyd4+KxqcCSw3OdvnGa8fjbNa6UQzZMcpCHaRSXOCqxjRlNSRf6GNDO aZHygrF+c7biIz/VZ47gouidB5kPivoYOla4uRixDXYTg+gThj5EYlHm/A8cqLJs 9RTFKEixPjncSWY6ml3yk3XhvKmDGZyW3S+LMafKLU4s65GMZc9vczssgHRXRdDR fil0tLcBUI3Q3iqajeh0P9JYPoKqdNL+/uPf3EwWhZAI+6hb4MewX6Jw34RtFc/P +8uHoLJ8FhBX3LkvojzVwcAsCEsxKiUgddB+N/uf7LCJ0XDkzD5qx0vysnf87zVM 1SESsGduyLfXtCLbMLW6v+DKrA/nhIO+kFDB9e7FaT8zgIvory1rWWmVn4DJ+Ib5 edtMhJWokvyNOasQO6kNjGlRQn2FDXhV4XMnKeZqYXnrQPfcSjCe5mKEOdi7mLmT gszwOYoMd7JH073ACkEEbmZdc+M82lkbEEu1jB2DMzLIqgPvY/bbsJ5h4mGj0AF1 dX3Ermato6qUBA8FvxA9TPak6cw6E1gGm6mhw2Vr59Km2zclW3lY8IOGfvHLeBoK eoASI7r3wuxdityRr+mTCG+ZYfZjg9lpXVwXH/cI363/nXpOghY= =rJqu -----END PGP SIGNATURE-----