-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Feb 2024 21:00:13 +0100 Source: unbound Architecture: source Version: 1.17.1-2+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: unbound packagers Changed-By: Salvatore Bonaccorso Closes: 1063845 Changes: unbound (1.17.1-2+deb12u2) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Address DNSSEC protocol vulnerabilities (Closes: #1063845) - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. Checksums-Sha1: 40d697c2b923e9735801f2a49971fee120419579 3355 unbound_1.17.1-2+deb12u2.dsc 90da3bb8883931e30384057722dd9d1df4286f46 6244773 unbound_1.17.1.orig.tar.gz 6b754d1c792a1f6d01d6706a75777b87d434b134 833 unbound_1.17.1.orig.tar.gz.asc 8cb0fcbabeb7ed8af8a13a75f795a80074bf634a 46420 unbound_1.17.1-2+deb12u2.debian.tar.xz Checksums-Sha256: a7120468620010e676d854e957076badd459f3efb1e814abc2db770a20a8ae74 3355 unbound_1.17.1-2+deb12u2.dsc ee4085cecce12584e600f3d814a28fa822dfaacec1f94c84bfd67f8a5571a5f4 6244773 unbound_1.17.1.orig.tar.gz b66a35d11545a1334b8aec1848c8c7ee0e01ef4a2950f2260a7c26b6fd61bfbf 833 unbound_1.17.1.orig.tar.gz.asc b875917bdff790318101725a2de00192452f28c0bc0471d6cf7d063f7b9c3288 46420 unbound_1.17.1-2+deb12u2.debian.tar.xz Files: b85dd2bb575c6ac35a982617c6825081 3355 net optional unbound_1.17.1-2+deb12u2.dsc bb96df2dc579c11ada537dbc52781abc 6244773 net optional unbound_1.17.1.orig.tar.gz 8a6399230741197bdd17cc7e7686fe31 833 net optional unbound_1.17.1.orig.tar.gz.asc 431830533557532a7547047a8a1faa68 46420 net optional unbound_1.17.1-2+deb12u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmXLzDVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E3WMP/0aO+ZqI3L4ZKeugQ0UJV3sGlHTwmu2o sMOe47Tune2jWSYMmJ+vSkivfCaqF7a7WJm8R7oLXpc2VJUg5pFcdJbWcX4oKbH/ RZO56Bvuf5Dm4ieqa42QuMyh0pX83yxFhC2Q8Y2Txz8/UB1rcx96pmW9rXv0aOqW OlTsY6b4k6yjpswu955n5SYOVgKsdnmpTViHI+kjIYcHJGNKp3nlTQfTScDHWKQq eaNZQ+k20dz8WdlzzVNvWimaiyFKo2VIVbN2fsIOsPQwfnNRLVrew3M8znp0EukJ mD2SfndzzPViaQoHciD3GpfVsQJabEQvKN4cuyLoEAtE7G7w8YoztMHgQRSqDeXd 3E1/9CYxehZGs3bNwaAaBL2+q5Dkglh8E3rs16GsFYdwZeGIoeTVQ+baZhhfHhYq i/TyvXbgt4ACSf8uIXzn4SWhD6U8KHQDMctfN3PxiV8yslp4Akd9VO7fQjgQvU4b ZwCWMLJRZf1eXRophYwdjiFF7/XSYx806kY0o8gSReJvldMk5up/JjbmBsZciPVx oGUbtxGmGa8Ow8KMmloeiYA9R/iBhq6YGdhPCk2wl8eTTypPezCt26jiYMspurFV h5uWhOuhT2FATVFDmMl/EsJ8zn2BAnVxwQN2bEtzg+1sSB0qEndfXOCK5Piwlhpi E8NB2/vUqMlF =zpO/ -----END PGP SIGNATURE-----