-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 12:05:38 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: armel
Version: 1.22.0-2+deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: armel Build Daemon (arm-ubc-03) <buildd_arm64-arm-ubc-03@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1137187
Changes:
 unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium
 .
   * May-2026 security updates in debian/patches/26-05/ subdir:
     01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch
       this change was part of 1.25 release, it is a slight change in behaviour
       implemented after 1.22.0 release.  This change is not necessary for the
       security update, but it makes subsequent changes in this area to apply.
     02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch
     03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch
     04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch
     05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch
     06-CVE-2026-40622-Ghost-domain-name-variant.patch
        (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22)
     07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch
     08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch
     09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch
     10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch
     11-CVE-2026-44390-Unbounded-name-compression.patch
     12-CVE-2026-44608-UAF-in-RPZ-code.patch
     13-Unit-test-for-CVE-2026-33278.patch
     14-Unit-test-for-CVE-2026-42944.patch
     15-Unit-test-for-CVE-2026-42959.patch
     16-Unit-test-for-CVE-2026-40622.patch
     17-Unit-test-for-CVE-2026-42960.patch
     (Closes: #1137187)
Checksums-Sha1:
 23a46790c6730e56aba32942e05a4557330d66cc 635348 libunbound-dev_1.22.0-2+deb13u3_armel.deb
 c140ce8b71b09ac2bb9b23a4446e6bc1803016bb 1311508 libunbound8-dbgsym_1.22.0-2+deb13u3_armel.deb
 1b6c24a5d33734cdb897fe1fde39a2872246bd69 535668 libunbound8_1.22.0-2+deb13u3_armel.deb
 47bf308149bc9f4d44f960f3f8da6e276828b01f 175528 python3-unbound-dbgsym_1.22.0-2+deb13u3_armel.deb
 31e8806a21b7bbb31c9fd84ff7d95a8164246d06 216756 python3-unbound_1.22.0-2+deb13u3_armel.deb
 0da17d9bf0a01588dcd507ab301ee9fbec9709ad 58712 unbound-anchor-dbgsym_1.22.0-2+deb13u3_armel.deb
 11bd6eeed42d2b6cc51dbf1754fd7da36de08c2c 193160 unbound-anchor_1.22.0-2+deb13u3_armel.deb
 dcba9c4f16e07ee77eeaf2b76744dd2f44a67655 4880220 unbound-dbgsym_1.22.0-2+deb13u3_armel.deb
 8cc0ed235374b8a2ff3d567f7243ef1566be2cbb 131408 unbound-host-dbgsym_1.22.0-2+deb13u3_armel.deb
 f4b7e01205a7da7f9c782fc89b4bac5b2e3c4889 211672 unbound-host_1.22.0-2+deb13u3_armel.deb
 313d39df249e65991549e9f7564c998e15ddfb6b 10242 unbound_1.22.0-2+deb13u3_armel-buildd.buildinfo
 86cece504239bca8a140959af525626cf40d75c5 884668 unbound_1.22.0-2+deb13u3_armel.deb
Checksums-Sha256:
 4650d21d8b92e55d9927fa01373ffb23c14626cffaacd9c838af9fae827b66e9 635348 libunbound-dev_1.22.0-2+deb13u3_armel.deb
 6951974a1dd991a77417fd45ba5e58130d2b1d405b0f0d53729058c856cdab4a 1311508 libunbound8-dbgsym_1.22.0-2+deb13u3_armel.deb
 8795ee3d2d61751a7a3709fbcfbb9b5c704769b0c67898c84d8dfd814e6515dc 535668 libunbound8_1.22.0-2+deb13u3_armel.deb
 b13bfe151c0f876723761e18263ab3fed7b632400112469f6f68d811eada85c3 175528 python3-unbound-dbgsym_1.22.0-2+deb13u3_armel.deb
 203f8ba2a17a4dceb34dbb3faba169f1a00c96eb05ae05dc2ea30bab2b65ada5 216756 python3-unbound_1.22.0-2+deb13u3_armel.deb
 cf03b34767307c899d92576497f12973af172ae561fac4188e1a43bc27e2cc33 58712 unbound-anchor-dbgsym_1.22.0-2+deb13u3_armel.deb
 bc3bf1a87beab86abac2352d0584e00574f476d2f59b71ab64f9060bf1e832d3 193160 unbound-anchor_1.22.0-2+deb13u3_armel.deb
 9bf97d189944f672e48841486c13f18ac06f3daef69c0e757838f0866dc85bc8 4880220 unbound-dbgsym_1.22.0-2+deb13u3_armel.deb
 0f975ab1d8e6ffc3152f518cf9a837297f3fcc75728c818e9e33f2c80f0367ee 131408 unbound-host-dbgsym_1.22.0-2+deb13u3_armel.deb
 7fca3988ca898eda34d4cf308c020e206fd18e3654746056dc520afc0221ef63 211672 unbound-host_1.22.0-2+deb13u3_armel.deb
 7df22455660e8893ee55ffa487e25cbf4957cd6d29546ee915232608d7b471f1 10242 unbound_1.22.0-2+deb13u3_armel-buildd.buildinfo
 f2495e3b941b99132cfc1a7742dcb18fd125c28b6101d3f1b1b2a67a105486a8 884668 unbound_1.22.0-2+deb13u3_armel.deb
Files:
 4e49c24f613eaf53490f4314af804b47 635348 libdevel optional libunbound-dev_1.22.0-2+deb13u3_armel.deb
 b5641dca44aad8560c26454d48786cdb 1311508 debug optional libunbound8-dbgsym_1.22.0-2+deb13u3_armel.deb
 4d8dfab1d57dc5db75b62219032da552 535668 libs optional libunbound8_1.22.0-2+deb13u3_armel.deb
 8760a9b07247c9742974631e8459b162 175528 debug optional python3-unbound-dbgsym_1.22.0-2+deb13u3_armel.deb
 4bc537d41074315590872ee9ce71e62c 216756 python optional python3-unbound_1.22.0-2+deb13u3_armel.deb
 6d4926f6775ef655871376c41805020a 58712 debug optional unbound-anchor-dbgsym_1.22.0-2+deb13u3_armel.deb
 22540012f83c23e4c63600148c85e34a 193160 net optional unbound-anchor_1.22.0-2+deb13u3_armel.deb
 5fb6f74300d89d05b21e7a950bdf8364 4880220 debug optional unbound-dbgsym_1.22.0-2+deb13u3_armel.deb
 a50a9acedc0df1eb8b449280cd9ea433 131408 debug optional unbound-host-dbgsym_1.22.0-2+deb13u3_armel.deb
 59eea22cd07e06440d9ab424b63df2d5 211672 net optional unbound-host_1.22.0-2+deb13u3_armel.deb
 c8ef66f41b6b8aaa0b19debd6986b26c 10242 net optional unbound_1.22.0-2+deb13u3_armel-buildd.buildinfo
 8c4df8376569cffa429432e29c481b00 884668 net optional unbound_1.22.0-2+deb13u3_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE2kd8oHy+LXk/nybqvzDqKQSGl8UFAmoVlugACgkQvzDqKQSG
l8X7URAAkV8G1Q/B8lln50YLi+ttPiAwdhvlf4G1mqCMiyGDnYpI5s8ZrGEdt1aS
g2fZ1I+aqqGGC8AJ9WwHKrysSe934qr/WjGP5fqrEH3TA7QZCrrE0XRRkpMcYjBO
wSFyRgx1SJH6DgxTR+gdKrKRFvLxzgP/JB1nEM4FmnyInRz0FtSyyyMQ2y+VncsF
8uiV0/aTUa/iw1xzMy9M0ZZDwc2KVg65mcj7Bu33DQy+BRlgeXQxEj7ObEaHVFXZ
eBG41V2/qIcCSb4ziPMB+7uA5/37X6Wo7Xjd6D5YowhOzH6+134oBTTYXO8ogjWh
KtF5/griB4mKLnZ1yYumLqLT7hRBOFOWi+FAcuVDO9+R27EmL2IGU9MhKsnkKQPD
IFtrTHXSWFjyrQvdS9esojIBsJFACZKRFq1wZGT0xDfXvrAlPSMxQVvVM3132ekJ
FfxeBPQVZZmLeN4oyuu06mWOlXGFWIv+5wqLiA7Dv9qXoiOAzjem8mNH6hrKuyUx
BvTSfP9YlSvzlE0bgFVhSlSgjCFSvGaMilQgjVR6TVFtqMo2/vUT+uKzrUyiWKk8
LPecvOHaRpjVkCXyxvBu2QYjRzalV9Lexo7/lx+ZeOhgv2GnjarHW9qu/HjuqUfL
et3NmQ6TK5aLlHBGGP5rU5N49hBbHR3yLloIN5FYsSH80ZLM3DE=
=agkb
-----END PGP SIGNATURE-----