-
unbound (1.13.1-1ubuntu5.5) jammy-security; urgency=medium
* SECURITY UPDATE: Unbound could be used to take part in a DoS attack
- debian/patches/CVE-2024-33655.patch: fix for the DNSBomb
vulnerability in doc/example.conf.in, doc/unbound.conf.5.in,
services/cache/infra.c, services/cache/infra.h, services/mesh.c,
testdata/*, util/config_file.c, util/config_file.h,
util/configlexer.lex, util/configparser.y.
- CVE-2024-33655
-- Marc Deslauriers <email address hidden> Wed, 15 May 2024 13:34:34 +0200
-
unbound (1.13.1-1ubuntu5.4) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of service issues via DNSSEC responses
- debian/patches/CVE-2023-50387_CVE-2023-50868_1.12.0-1.13.1.patch:
patch obtained from Debian's 1.13.1-1+deb11u2 package, thanks to
Salvatore Bonaccorso.
- CVE-2023-50387
- CVE-2023-50868
-- Marc Deslauriers <email address hidden> Tue, 27 Feb 2024 16:53:18 -0500
-
unbound (1.13.1-1ubuntu5.3) jammy-security; urgency=medium
* SECURITY UPDATE: Non-Responsive Delegation Attack
- debian/patches/CVE-2022-3204.patch: limit number of lookups in
iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c,
services/cache/dns.c, services/mesh.*.
- CVE-2022-3204
-- Marc Deslauriers <email address hidden> Tue, 15 Nov 2022 15:03:03 -0500
-
unbound (1.13.1-1ubuntu5.2) jammy; urgency=medium
* Resolve interfaces using existing interface names with unbound-checkconf
(LP: #1988055):
- d/p/fix-checkconf-interface-name-error.patch: Resolve known interface
names correctly when using unbound-checkconf
- d/p/resolve-control-interface-names.patch: Resolve interface names on
control-interface so unbound-checkconf can work correctly when checking
names of known interfaces
-- Lena Voytek <email address hidden> Wed, 07 Sep 2022 10:52:50 -0700
-
unbound (1.13.1-1ubuntu5.1) jammy-security; urgency=medium
* SECURITY UPDATE: Ghost domain names issues
- debian/patches/CVE-2022-3069x-pre1.patch: fix that nxdomain synthesis
does not happen above the stub or forward definition in
cachedb/cachedb.c, edns-subnet/subnetmod.c, iterator/iter_utils.c,
iterator/iter_utils.h, iterator/iterator.c, services/cache/dns.c,
services/cache/dns.h.
- debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i,
pythonmod/pythonmod_utils.c, services/cache/dns.c,
services/cache/dns.h, services/mesh.c,
testdata/iter_prefetch_change.rpl, util/module.h,
validator/validator.c.
- CVE-2022-30698
- CVE-2022-30699
-- Marc Deslauriers <email address hidden> Tue, 02 Aug 2022 09:52:58 -0400
-
unbound (1.13.1-1ubuntu5) jammy; urgency=medium
* Cherry-pick upstream commits for Python 3.10 compatibility
-- Rico Tzschichholz <email address hidden> Tue, 01 Feb 2022 15:23:57 +0100
-
unbound (1.13.1-1ubuntu4) jammy; urgency=medium
* No-change rebuild with Python 3.10 as default version
-- Graham Inggs <email address hidden> Thu, 13 Jan 2022 20:38:08 +0000
-
unbound (1.13.1-1ubuntu3) jammy; urgency=medium
* debian/patches/openssl3.patch: compatibility with OpenSSL 3.
-- Steve Langasek <email address hidden> Thu, 09 Dec 2021 20:51:29 +0000
-
unbound (1.13.1-1ubuntu2) jammy; urgency=medium
* No-change rebuild against libssl3
-- Steve Langasek <email address hidden> Thu, 09 Dec 2021 00:22:14 +0000
-
unbound (1.13.1-1ubuntu1) impish; urgency=medium
* Enable DNS-over-HTTPS support (LP: #1927877)
- d/control: add Build-Depends on libnghttp2-dev
- d/rules: compile with libnghttp2
-- Athos Ribeiro <email address hidden> Thu, 01 Jul 2021 11:16:26 -0300