-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Nov 2025 13:33:55 +0300
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: i386
Version: 1.17.1-2+deb12u4
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound    - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1100870 1121446
Changes:
 unbound (1.17.1-2+deb12u4) bookworm; urgency=medium
 .
   * CVE-2024-33655.patch: remove unrelated change
     testdata/fwd_udptmout.tdir/fwd_udptmout.conf is not modified
     by the upstream commit in question (c3206f4568f6)
   * fix-823-Response-change-to-NODATA-for-some-ANY-queries.patch
     Fixes: https://github.com/NLnetLabs/unbound/issues/823
   * fix-not-following-cleared-RD-flags-amplification.patch
     fix potential amplification DDoS attacks
   * replace combined CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch
     with 2 separate upstream commits, add patch descriptions, and add
     missing changes for testdata files:
      o CVE-2023-50387-DNSSEC-verification-complexity.patch
      o CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch
   * 3 changes to fix CVE-2025-11411 (possible domain hijacking attack):
      o 1-iterator-iter_scrub.c-pass-module_env-parameter-to-s.patch
        (a change from "Add harden-unknown-additional option" upstream patch)
      o 2-possible-domain-hijacking-attack.patch
      o 3-additional-fix-for-possible-domain-hijacking.patch
     (Closes: #1121446)
   * fix-595-unbound-anchor-cannot-deal-with-full-disk.patch
     Fixes: https://github.com/NLnetLabs/unbound/issues/595
     (Closes: #1100870)
   * d/gbp.conf: set default branch to debian/bookworm
Checksums-Sha1:
 7560c8c402319d3d0602afb0f2fe57b53fe3fcd3 686984 libunbound-dev_1.17.1-2+deb12u4_i386.deb
 330005c2d32c5c689386b0daf02abb5c476133be 1110088 libunbound8-dbgsym_1.17.1-2+deb12u4_i386.deb
 19eb2d4e32d19b62915b594b867d06ad938a7616 585804 libunbound8_1.17.1-2+deb12u4_i386.deb
 a39d6728e859754f5062449e0e27bf1855052b7d 155388 python3-unbound-dbgsym_1.17.1-2+deb12u4_i386.deb
 f9ca9a552a149cec02e22d7e4c5d6ec320769625 204904 python3-unbound_1.17.1-2+deb12u4_i386.deb
 589b380ef4f2e8fa7d3108981e514f244d819cb8 58732 unbound-anchor-dbgsym_1.17.1-2+deb12u4_i386.deb
 753184ffbacc7c8769db3edcaba2cdaf246a9334 183756 unbound-anchor_1.17.1-2+deb12u4_i386.deb
 3be8b9cccbfdf7a1dda357b29654dc1dc996e49c 4454172 unbound-dbgsym_1.17.1-2+deb12u4_i386.deb
 e8360ab3f5c7bd5f8924e413c3d69bf3f4b928e0 112868 unbound-host-dbgsym_1.17.1-2+deb12u4_i386.deb
 0321390091fb29e958d079a1f1ae9a061d006ddf 205292 unbound-host_1.17.1-2+deb12u4_i386.deb
 1a55f97aa1685d7fc3463e9a846ada590b09df96 10809 unbound_1.17.1-2+deb12u4_i386-buildd.buildinfo
 6aca8106dce69bdd06adce58455f85aba12a9dd0 997084 unbound_1.17.1-2+deb12u4_i386.deb
Checksums-Sha256:
 0790ca0c4e7e39f64fa99992374408e78ccdb4a3bbea107327b1d595b18660a8 686984 libunbound-dev_1.17.1-2+deb12u4_i386.deb
 a55a995ad7a47b6ecfa19ab0706f970f629117ce5f45fa754c9cc975524f56f2 1110088 libunbound8-dbgsym_1.17.1-2+deb12u4_i386.deb
 95fea450805bfe0b4b8a244feb95961c6f74f86d98ca59f459b6681da1ca8d1f 585804 libunbound8_1.17.1-2+deb12u4_i386.deb
 af2fc04961f30922df04ccdcdf2dffc4413b716b6b6b7b330addd86b6ae57467 155388 python3-unbound-dbgsym_1.17.1-2+deb12u4_i386.deb
 c01178f26aa68385893643201f69e8c036312b7d4a4b2829bdb33e6f5cd30315 204904 python3-unbound_1.17.1-2+deb12u4_i386.deb
 bc92ba7289972cc1d92e8e26b8749f131ce22a924ea5121ba55e32d99de278cd 58732 unbound-anchor-dbgsym_1.17.1-2+deb12u4_i386.deb
 4b755f38af5785a19ad1ddad73dc9815420b8e88dcda9da57437fcaaeda25bb9 183756 unbound-anchor_1.17.1-2+deb12u4_i386.deb
 2fc39607df7a9a181695dfdec491e014e8b613303f7c06462f6e1fd358f82a00 4454172 unbound-dbgsym_1.17.1-2+deb12u4_i386.deb
 9690e4d36141b42238c95639fcf293e13bdb21b6e9676e22db27e7d437d0c4b6 112868 unbound-host-dbgsym_1.17.1-2+deb12u4_i386.deb
 40b3c52b51e96131063ad4333bc8b5be8192010d38c8f800df8be49687aec331 205292 unbound-host_1.17.1-2+deb12u4_i386.deb
 898cc4641f40eb35608d9963c7397bbe72d555d19917b83f18ab88fcd2e90d18 10809 unbound_1.17.1-2+deb12u4_i386-buildd.buildinfo
 cb47fbf2934b0567fcbdd7d86c0b597485bb79ef083097eb5b5b110b1a965f81 997084 unbound_1.17.1-2+deb12u4_i386.deb
Files:
 e7f16ddb99e952a3b90a8e16faf6ccf7 686984 libdevel optional libunbound-dev_1.17.1-2+deb12u4_i386.deb
 b48d3c8beea9021c41cfb02f6697a96c 1110088 debug optional libunbound8-dbgsym_1.17.1-2+deb12u4_i386.deb
 7333d1a5945e25929c14b69599c45d7c 585804 libs optional libunbound8_1.17.1-2+deb12u4_i386.deb
 fbe31025cfa992dcea143429b19ce07c 155388 debug optional python3-unbound-dbgsym_1.17.1-2+deb12u4_i386.deb
 0e927cf29dcbf9346446582fb149a000 204904 python optional python3-unbound_1.17.1-2+deb12u4_i386.deb
 3dc3bc799ef9321e5c215b827e4d8ddb 58732 debug optional unbound-anchor-dbgsym_1.17.1-2+deb12u4_i386.deb
 00d0c7179aa4cb6d6dc9adf844ec18e9 183756 net optional unbound-anchor_1.17.1-2+deb12u4_i386.deb
 5c3f3dac6034ed30a77d7cf235ac213a 4454172 debug optional unbound-dbgsym_1.17.1-2+deb12u4_i386.deb
 064085cf4f7e1c56882d30adf13f5865 112868 debug optional unbound-host-dbgsym_1.17.1-2+deb12u4_i386.deb
 3b01986601152f8a7924a49441bf802d 205292 net optional unbound-host_1.17.1-2+deb12u4_i386.deb
 bbb4196db5e50ccf04eead13ba7dc4cd 10809 net optional unbound_1.17.1-2+deb12u4_i386-buildd.buildinfo
 d9d5aa0b07f094aa3abf1a9523cdb974 997084 net optional unbound_1.17.1-2+deb12u4_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmk1voAACgkQEbCLukZn
24r13A//U2aAfwLlffWyp6BPswofC+A32hKBHnbxcGT6qENqyogscg90ZXf+8aHp
Regn0LrfGKw6y6wVkWm+5sOlF7Wz6bQRQKwLi6ICrO9rSM/ZUghBuzXW1F0V5bzB
QdzfL5PXHd8L+jz3rbynrNAglqJwL8b7BMh2sUK/RU0bBM3OMW2wh5NKgca1DhF5
Ukz6m/8R7wY8rXPovz1iYj9l944k+bWgEL0sW/TX2thR+F34k+NvNjA/sZcG040p
+/6Mfi9mF2Tgsx5Kdqzb2F6yZNkPfr88lOFUiEQCXfLRwwZtAxTWkIYw3E7Q4iZa
uXHcGlA2yvMTE++tz8vcmoetmhUyc44o5leUBVAfKajsLD55tKCp1p4dJdUfRjnJ
uTkH04oztGfy7KDph1kww8lfNdjyyCRYLSBmyA7VZ1iLGLNw+1D8iOpWu5ZIb4Un
mxxyRxmjiCCZRH4GT68fKIwQSKLbIxALXOzv4oytgqvVo1ZNVP5mloaTYumu80iN
+WNHC5kfjQtPRgUVmBC6fDqpWK/Z5/uQp0y1heaK3DMVovvVSGLo4KNHLjgY4i6v
fiefLLjh73wetBCFIGVYYVQUqB+N++ObkdRbNgzZlw2ixD4gE+PTd0MVAO+0nkim
ZPhSW2wz9IxNK+a4mk6tZqd2sId0JNSeftX2J2nVkyPIZeDtnxg=
=mLny
-----END PGP SIGNATURE-----