Change log for unbound package in Ubuntu
1 → 75 of 146 results | First • Previous • Next • Last |
unbound (1.13.1-1ubuntu5.5) jammy-security; urgency=medium * SECURITY UPDATE: Unbound could be used to take part in a DoS attack - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb vulnerability in doc/example.conf.in, doc/unbound.conf.5.in, services/cache/infra.c, services/cache/infra.h, services/mesh.c, testdata/*, util/config_file.c, util/config_file.h, util/configlexer.lex, util/configparser.y. - CVE-2024-33655 -- Marc Deslauriers <email address hidden> Wed, 15 May 2024 13:34:34 +0200
Available diffs
unbound (1.9.4-2ubuntu1.6) focal-security; urgency=medium * SECURITY UPDATE: Unbound could be used to take part in a DoS attack - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb vulnerability in doc/example.conf.in, doc/unbound.conf.5.in, services/cache/infra.c, services/cache/infra.h, services/mesh.c, testdata/*, util/config_file.c, util/config_file.h, util/configlexer.lex, util/configparser.y. - CVE-2024-33655 -- Marc Deslauriers <email address hidden> Wed, 15 May 2024 15:09:15 +0200
Available diffs
unbound (1.17.1-2ubuntu0.2) mantic-security; urgency=medium * SECURITY UPDATE: Unbound could be used to take part in a DoS attack - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb vulnerability in doc/example.conf.in, doc/unbound.conf.5.in, services/cache/infra.c, services/cache/infra.h, services/mesh.c, testdata/*, util/config_file.c, util/config_file.h, util/configlexer.lex, util/configparser.y. - CVE-2024-33655 -- Marc Deslauriers <email address hidden> Wed, 15 May 2024 12:15:41 +0200
Available diffs
unbound (1.19.2-1ubuntu3.1) noble-security; urgency=medium * SECURITY UPDATE: Unbound could be used to take part in a DoS attack - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb vulnerability in doc/example.conf.in, doc/unbound.conf.5.in, services/cache/infra.c, services/cache/infra.h, services/mesh.c, testdata/*, util/config_file.c, util/config_file.h, util/configlexer.lex, util/configparser.y. - CVE-2024-33655 -- Marc Deslauriers <email address hidden> Wed, 15 May 2024 12:01:37 +0200
Available diffs
Published in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
unbound (1.19.2-1ubuntu3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:30:00 +0000
Available diffs
- diff from 1.19.2-1ubuntu1 to 1.19.2-1ubuntu3 (395 bytes)
- diff from 1.19.2-1ubuntu2 to 1.19.2-1ubuntu3 (313 bytes)
Superseded in noble-proposed |
unbound (1.19.2-1ubuntu2) noble; urgency=medium * No-change rebuild against libevent-2.1-7t64 -- Simon Chopin <email address hidden> Fri, 29 Mar 2024 17:26:09 +0100
Available diffs
- diff from 1.19.2-1ubuntu1 to 1.19.2-1ubuntu2 (345 bytes)
unbound (1.19.2-1ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2056552). Remaining changes: - Don't build with hiredis on i386. hiredis and redis are not built on i386 and require bootstrapping due to circular build-dependencies; simpler to just disable this in the i386 unbound server binary (that no one will ever use). -- Andreas Hasenack <email address hidden> Fri, 08 Mar 2024 10:23:53 -0300
Available diffs
Superseded in noble-proposed |
unbound (1.19.1-1ubuntu3) noble; urgency=medium * No-change rebuild against libssl3t64 -- Steve Langasek <email address hidden> Tue, 05 Mar 2024 02:09:01 +0000
Available diffs
Superseded in noble-proposed |
unbound (1.19.1-1ubuntu2) noble; urgency=medium * No-change rebuild for python3.12 t64. -- Matthias Klose <email address hidden> Sat, 02 Mar 2024 21:15:53 +0100
Available diffs
- diff from 1.19.1-1ubuntu1 to 1.19.1-1ubuntu2 (340 bytes)
unbound (1.9.4-2ubuntu1.5) focal-security; urgency=medium * SECURITY UPDATE: Denial of service issues via DNSSEC responses - debian/patches/CVE-2023-50387-and-CVE-2023-50868.patch: patch obtained from Debian's 1.9.0-2+deb10u4 package, thanks to Markus Koschany. - CVE-2023-50387 - CVE-2023-50868 -- Marc Deslauriers <email address hidden> Tue, 27 Feb 2024 16:55:01 -0500
Available diffs
unbound (1.13.1-1ubuntu5.4) jammy-security; urgency=medium * SECURITY UPDATE: Denial of service issues via DNSSEC responses - debian/patches/CVE-2023-50387_CVE-2023-50868_1.12.0-1.13.1.patch: patch obtained from Debian's 1.13.1-1+deb11u2 package, thanks to Salvatore Bonaccorso. - CVE-2023-50387 - CVE-2023-50868 -- Marc Deslauriers <email address hidden> Tue, 27 Feb 2024 16:53:18 -0500
Available diffs
unbound (1.17.1-2ubuntu0.1) mantic-security; urgency=medium * SECURITY UPDATE: Denial of service issues via DNSSEC responses - debian/patches/CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch: patch obtained from Debian's 1.17.1-2+deb12u2 package, thanks to Salvatore Bonaccorso. - CVE-2023-50387 - CVE-2023-50868 -- Marc Deslauriers <email address hidden> Tue, 27 Feb 2024 16:48:33 -0500
Available diffs
unbound (1.19.1-1ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2055042). Remaining changes: - Don't build with hiredis on i386. hiredis and redis are not built on i386 and require bootstrapping due to circular build-dependencies; simpler to just disable this in the i386 unbound server binary (that no one will ever use). -- Andreas Hasenack <email address hidden> Mon, 26 Feb 2024 10:03:33 -0300
Available diffs
- diff from 1.18.0-2ubuntu2 to 1.19.1-1ubuntu1 (201.7 KiB)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
unbound (1.18.0-2ubuntu2) noble; urgency=medium * No-change rebuild with Python 3.12 as default -- Graham Inggs <email address hidden> Fri, 19 Jan 2024 21:03:32 +0000
Available diffs
- diff from 1.18.0-2ubuntu1 to 1.18.0-2ubuntu2 (335 bytes)
unbound (1.18.0-2ubuntu1) noble; urgency=medium * Don't build with hiredis on i386. hiredis and redis are not built on i386 and require bootstrapping due to circular build-dependencies; simpler to just disable this in the i386 unbound server binary (that no one will ever use). -- Steve Langasek <email address hidden> Fri, 24 Nov 2023 10:36:50 -0800
Available diffs
unbound (1.18.0-2) unstable; urgency=medium * d/resolvconf-forwards: remove -e (Closes: #1035800), shorten sed expr * d/changelog: mention #1013957 in previous changelog entry * d/control, d/rules: switch from libnettle back to libssl once it is GPL-compatible (#828699 is of no concern anymore). This fixes libunbound init failure. Also Closes: #1007260 * d/control, d/rules: build daemon with --enable-cachedb --with-libhiredis, build-depend on libhiredis-dev (Closes: #1014456) -- Michael Tokarev <email address hidden> Wed, 06 Sep 2023 16:34:32 +0300
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
unbound (1.17.1-2) unstable; urgency=medium * unbound-helper: return 0 explicitly in a few places (Closes: #1019140) -- Michael Tokarev <email address hidden> Sun, 09 Apr 2023 15:59:14 +0300
Available diffs
- diff from 1.17.1-1 to 1.17.1-2 (640 bytes)
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
unbound (1.17.1-1) unstable; urgency=medium [ Michael Tokarev ] * new upstream release. Release notes: This release fixes a number of bugs. There are also new configuration options that by default do not change the existing behaviour of Unbound. With `statistics-inhibit-zero` the printout of zero values by stats can be controlled. Similarly with `max-sent-count` and `max-query-restarts` the iterator behaviour can be controlled. The maximum CNAME chain length that is accepted can be changed by increasing the `max-query-restarts` number. This takes more time to follow those elements. The keep-cache option allows reloads to change configuration whilst keeping the cache memory intact, making the cache hot for good response times after the change has completed. The release contains an additional fix for service downgrade due to wrong hash values for wildcards in a hyperlocal zone, that was reported by Sergey Kacheev. Features - Expose 'statistics-inhibit-zero' as a configuration option; the default value retains Unbound's behavior. - Expose 'max-sent-count' as a configuration option; the default value retains Unbound's behavior. - Merge #461 from Christian Allred: Add max-query-restarts option. Exposes an internal configuration but the default value retains Unbound's behavior. - Merge #569 from JINMEI Tatuya: add keep-cache option to 'unbound-control reload' to keep caches. Bug Fixes - Merge #768 from fobser: Arithmetic on a pointer to void is a GNU extension. - In unit test, print python script name list correctly. - testcode/dohclient sets log identity to its name. - Clarify the use of MAX_SENT_COUNT in the iterator code. - Fix that cachedb does not store failures in the external cache. - Merge #767 from jonathangray: consistently use IPv4/IPv6 in unbound.conf.5. - Fix to ignore tcp events for closed comm points. - Fix to make sure to not read again after a tcp comm point is closed. - Fix #775: libunbound: subprocess reap causes parent process reap to hang. - iana portlist update. - Complementary fix for distutils.sysconfig deprecation in Python 3.10 to commit 62c5039ab9da42713e006e840b7578e01d66e7f2. - Fix #779: [doc] Missing documentation in ub_resolve_event() for callback parameter was_ratelimited. - Ignore expired error responses. - Merge #720 from jonathangray: fix use after free when WSACreateEvent() fails. - Fix for the ignore of tcp events for closed comm points, preserve the use after free protection features. - Fix #782: Segmentation fault in stats.c:404. - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. - Clear documentation for interactivity between the subnet module and the serve-expired and prefetch configuration options. - Fix #773: When used with systemd-networkd, unbound does not start until systemd-networkd-wait-online.service times out. - Merge #808: Wrap Makefile script's directory variables in quotes. - Fix to wrap Makefile scripts directory in quotes for uninstall. - Fix windows compile for libunbound subprocess reap comm point closes. - Update github workflows to use checkout v3. - Fix wildcard in hyperlocal zone service degradation, reported by Sergey Kacheev. * lintian-overrides fixes/additions [ Helmut Grohne ] * Fix FTCBFS: export _PYTHON_SYSCONFIGDATA_NAME. (Closes: #1024422) -- Michael Tokarev <email address hidden> Thu, 12 Jan 2023 18:28:54 +0300
Available diffs
- diff from 1.17.0-1 to 1.17.1-1 (162.7 KiB)
- diff from 1.17.0-1build1 (in Ubuntu) to 1.17.1-1 (162.8 KiB)
Superseded in lunar-proposed |
unbound (1.17.0-1build1) lunar; urgency=medium * No-change rebuild with Python 3.11 as default -- Graham Inggs <email address hidden> Sun, 25 Dec 2022 20:46:17 +0000
Available diffs
- diff from 1.17.0-1 (in Debian) to 1.17.0-1build1 (312 bytes)
unbound (1.6.7-1ubuntu2.6) bionic-security; urgency=medium * SECURITY UPDATE: Non-Responsive Delegation Attack - debian/patches/CVE-2022-3204.patch: limit number of lookups in iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c, services/cache/dns.c, services/mesh.*. - CVE-2022-3204 -- Marc Deslauriers <email address hidden> Tue, 15 Nov 2022 15:07:17 -0500
Available diffs
unbound (1.9.4-2ubuntu1.4) focal-security; urgency=medium * SECURITY UPDATE: Non-Responsive Delegation Attack - debian/patches/CVE-2022-3204.patch: limit number of lookups in iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c, services/cache/dns.c, services/mesh.*. - CVE-2022-3204 -- Marc Deslauriers <email address hidden> Tue, 15 Nov 2022 15:05:15 -0500
Available diffs
unbound (1.13.1-1ubuntu5.3) jammy-security; urgency=medium * SECURITY UPDATE: Non-Responsive Delegation Attack - debian/patches/CVE-2022-3204.patch: limit number of lookups in iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c, services/cache/dns.c, services/mesh.*. - CVE-2022-3204 -- Marc Deslauriers <email address hidden> Tue, 15 Nov 2022 15:03:03 -0500
Available diffs
unbound (1.16.2-1ubuntu0.1) kinetic-security; urgency=medium * SECURITY UPDATE: Non-Responsive Delegation Attack - debian/patches/CVE-2022-3204.patch: limit number of lookups in iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c, services/cache/dns.c, services/mesh.*. - CVE-2022-3204 -- Marc Deslauriers <email address hidden> Tue, 15 Nov 2022 14:59:47 -0500
Available diffs
unbound (1.17.0-1) unstable; urgency=medium * new upstream release -- Michael Tokarev <email address hidden> Thu, 13 Oct 2022 14:01:15 +0300
Available diffs
- diff from 1.16.2-1build1 (in Ubuntu) to 1.17.0-1 (215.3 KiB)
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
unbound (1.16.2-1build1) kinetic; urgency=medium * No-change rebuild against libevent-2.1-7a (LP: #1990941) -- Benjamin Drung <email address hidden> Fri, 07 Oct 2022 19:59:02 +0200
Available diffs
- diff from 1.16.2-1 (in Debian) to 1.16.2-1build1 (550 bytes)
unbound (1.13.1-1ubuntu5.2) jammy; urgency=medium * Resolve interfaces using existing interface names with unbound-checkconf (LP: #1988055): - d/p/fix-checkconf-interface-name-error.patch: Resolve known interface names correctly when using unbound-checkconf - d/p/resolve-control-interface-names.patch: Resolve interface names on control-interface so unbound-checkconf can work correctly when checking names of known interfaces -- Lena Voytek <email address hidden> Wed, 07 Sep 2022 10:52:50 -0700
Available diffs
unbound (1.16.2-1) unstable; urgency=medium * new upstream minor release with many bugfixes and 2 features. Closes: #1016493, CVE-2022-30698, CVE-2022-30699 * d/unbound.docs: install doc/Changelog file * d/copyright: mark debian/patches/* as GPL-2 (#1013957) (not closing the bug since it is more than d/patches/) -- Michael Tokarev <email address hidden> Fri, 12 Aug 2022 12:57:33 +0300
Available diffs
- diff from 1.16.0-2 to 1.16.2-1 (150.5 KiB)
unbound (1.6.7-1ubuntu2.5) bionic-security; urgency=medium * SECURITY UPDATE: Ghost domain names issues - debian/patches/CVE-2022-3069x-pre1.patch: fix that cachedb could return a partial CNAME chain in cachedb/cachedb.c, iterator/iterator.c, services/cache/dns.c, services/cache/dns.h. - debian/patches/CVE-2022-3069x-pre2.patch: backport a version of the iter_stub_fwd_no_cache function in iterator/iter_utils.c, iterator/iter_utils.h. - debian/patches/CVE-2022-3069x-pre3.patch: fix that nxdomain synthesis does not happen above the stub or forward definition in cachedb/cachedb.c, iterator/iter_utils.c, iterator/iter_utils.h, iterator/iterator.c, services/cache/dns.c, services/cache/dns.h. - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c, dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c, iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i, pythonmod/pythonmod_utils.c, services/cache/dns.c, services/cache/dns.h, services/mesh.c, testdata/iter_prefetch_change.rpl, util/module.h, validator/validator.c. - CVE-2022-30698 - CVE-2022-30699 -- Marc Deslauriers <email address hidden> Thu, 04 Aug 2022 07:56:04 -0400
Available diffs
unbound (1.9.4-2ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: Ghost domain names issues - debian/patches/CVE-2022-3069x-pre1.patch: fix that nxdomain synthesis does not happen above the stub or forward definition in cachedb/cachedb.c, edns-subnet/subnetmod.c, iterator/iter_utils.c, iterator/iter_utils.h, iterator/iterator.c, services/cache/dns.c, services/cache/dns.h. - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c, dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c, iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i, pythonmod/pythonmod_utils.c, services/cache/dns.c, services/cache/dns.h, services/mesh.c, testdata/iter_prefetch_change.rpl, util/module.h, validator/validator.c. - CVE-2022-30698 - CVE-2022-30699 -- Marc Deslauriers <email address hidden> Tue, 02 Aug 2022 09:55:28 -0400
Available diffs
unbound (1.13.1-1ubuntu5.1) jammy-security; urgency=medium * SECURITY UPDATE: Ghost domain names issues - debian/patches/CVE-2022-3069x-pre1.patch: fix that nxdomain synthesis does not happen above the stub or forward definition in cachedb/cachedb.c, edns-subnet/subnetmod.c, iterator/iter_utils.c, iterator/iter_utils.h, iterator/iterator.c, services/cache/dns.c, services/cache/dns.h. - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c, dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c, iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i, pythonmod/pythonmod_utils.c, services/cache/dns.c, services/cache/dns.h, services/mesh.c, testdata/iter_prefetch_change.rpl, util/module.h, validator/validator.c. - CVE-2022-30698 - CVE-2022-30699 -- Marc Deslauriers <email address hidden> Tue, 02 Aug 2022 09:52:58 -0400
Available diffs
unbound (1.16.0-2) unstable; urgency=medium * revert the python path change in previous upload, and set python module directory explicitly to /usr/lib/python3/dist-packages/. -- Michael Tokarev <email address hidden> Thu, 02 Jun 2022 19:35:26 +0300
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
unbound (1.13.1-1ubuntu5) jammy; urgency=medium * Cherry-pick upstream commits for Python 3.10 compatibility -- Rico Tzschichholz <email address hidden> Tue, 01 Feb 2022 15:23:57 +0100
Available diffs
Superseded in jammy-proposed |
unbound (1.13.1-1ubuntu4) jammy; urgency=medium * No-change rebuild with Python 3.10 as default version -- Graham Inggs <email address hidden> Thu, 13 Jan 2022 20:38:08 +0000
Available diffs
- diff from 1.13.1-1ubuntu3 to 1.13.1-1ubuntu4 (344 bytes)
unbound (1.13.1-1ubuntu3) jammy; urgency=medium * debian/patches/openssl3.patch: compatibility with OpenSSL 3. -- Steve Langasek <email address hidden> Thu, 09 Dec 2021 20:51:29 +0000
Available diffs
- diff from 1.13.1-1ubuntu1 to 1.13.1-1ubuntu3 (773 bytes)
- diff from 1.13.1-1ubuntu2 to 1.13.1-1ubuntu3 (724 bytes)
Superseded in jammy-proposed |
unbound (1.13.1-1ubuntu2) jammy; urgency=medium * No-change rebuild against libssl3 -- Steve Langasek <email address hidden> Thu, 09 Dec 2021 00:22:14 +0000
Available diffs
- diff from 1.13.1-1ubuntu1 to 1.13.1-1ubuntu2 (339 bytes)
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
unbound (1.13.1-1ubuntu1) impish; urgency=medium * Enable DNS-over-HTTPS support (LP: #1927877) - d/control: add Build-Depends on libnghttp2-dev - d/rules: compile with libnghttp2 -- Athos Ribeiro <email address hidden> Thu, 01 Jul 2021 11:16:26 -0300
Available diffs
unbound (1.6.7-1ubuntu2.4) bionic-security; urgency=medium * SECURITY UPDATE: configuration injection via MITM - debian/patches/CVE-2019-25031.patch: use https, remove special characters in contrib/create_unbound_ad_servers.sh. - CVE-2019-25031 * SECURITY UPDATE: integer overflows in the regional allocator - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in, configure, configure.ac, util/regional.c. - CVE-2019-25032 - CVE-2019-25033 * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin - debian/patches/CVE-2019-25034.patch: check lengths in sldns/str2wire.c. - CVE-2019-25034 * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par - debian/patches/CVE-2019-25035.patch: check for space in sldns/parse.c. - CVE-2019-25035 * SECURITY UPDATE: assertion failure and denial of service - debian/patches/CVE-2019-25036.patch: validate lengths in iterator/iter_scrub.c. - CVE-2019-25036 * SECURITY UPDATE: assertion failure and denial of service - debian/patches/CVE-2019-25037.patch: validate length in util/data/dname.c. - CVE-2019-25037 * SECURITY UPDATE: integer overflow in a size calculation - debian/patches/CVE-2019-25038.patch: check for overflows in dnscrypt/dnscrypt.c, respip/respip.c. - CVE-2019-25038 - CVE-2019-25039 * SECURITY UPDATE: infinite loop and assertion fail via compressed name - debian/patches/CVE-2019-25040.patch: validate compression pointers in util/data/dname.c. - CVE-2019-25040 - CVE-2019-25041 * SECURITY UPDATE: out-of-bounds write via a compressed name - debian/patches/CVE-2019-25042.patch: move assert in util/data/msgreply.c. - CVE-2019-25042 * SECURITY UPDATE: incorrect PID file handling - debian/patches/CVE-2020-28935.patch: check for symlinks in daemon/unbound.c. - CVE-2020-28935 * debian/patches: rename debian-changes to misc-changes.patch. -- Marc Deslauriers <email address hidden> Wed, 05 May 2021 07:38:50 -0400
Available diffs
unbound (1.9.4-2ubuntu1.2) focal-security; urgency=medium * SECURITY UPDATE: configuration injection via MITM - debian/patches/CVE-2019-25031.patch: use https, remove special characters in contrib/create_unbound_ad_servers.sh. - CVE-2019-25031 * SECURITY UPDATE: integer overflows in the regional allocator - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in, configure, configure.ac, util/regional.c. - CVE-2019-25032 - CVE-2019-25033 * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin - debian/patches/CVE-2019-25034.patch: check lengths in sldns/str2wire.c. - CVE-2019-25034 * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par - debian/patches/CVE-2019-25035.patch: check for space in sldns/parse.c. - CVE-2019-25035 * SECURITY UPDATE: assertion failure and denial of service - debian/patches/CVE-2019-25036.patch: validate lengths in iterator/iter_scrub.c. - CVE-2019-25036 * SECURITY UPDATE: assertion failure and denial of service - debian/patches/CVE-2019-25037.patch: validate length in util/data/dname.c. - CVE-2019-25037 * SECURITY UPDATE: integer overflow in a size calculation - debian/patches/CVE-2019-25038.patch: check for overflows in dnscrypt/dnscrypt.c, respip/respip.c. - CVE-2019-25038 - CVE-2019-25039 * SECURITY UPDATE: infinite loop and assertion fail via compressed name - debian/patches/CVE-2019-25040.patch: validate compression pointers in util/data/dname.c. - CVE-2019-25040 - CVE-2019-25041 * SECURITY UPDATE: out-of-bounds write via a compressed name - debian/patches/CVE-2019-25042.patch: move assert in util/data/msgreply.c. - CVE-2019-25042 * SECURITY UPDATE: incorrect PID file handling - debian/patches/CVE-2020-28935.patch: check for symlinks in daemon/unbound.c. - CVE-2020-28935 * debian/patches: rename debian-changes to fix-nettle-build.patch. -- Marc Deslauriers <email address hidden> Wed, 05 May 2021 07:22:34 -0400
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
unbound (1.13.1-1) unstable; urgency=medium * New upstream version 1.13.1 * debian/gbp.conf: [import-orig] upstream-signatures = True * Drop debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host- errors-.patch (included in 1.13.1 release) * debian/copyright: 2021 -- Robert Edmonds <email address hidden> Tue, 09 Feb 2021 17:53:57 -0500
Available diffs
- diff from 1.13.0-1 to 1.13.1-1 (214.2 KiB)
unbound (1.13.0-1) unstable; urgency=medium * New upstream version 1.13.0 - Fix CVE-2020-28935: PID file vulnerability (Closes: #977165) * debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host- errors-.patch: Cherry-pick upstream commit 5906811ff19f005110b2edbda5aa144ad5fa05b1 to suppress UDP connect() errors on low verbosity -- Robert Edmonds <email address hidden> Wed, 23 Dec 2020 19:34:24 -0500
Available diffs
- diff from 1.12.0-1build1 (in Ubuntu) to 1.13.0-1 (184.5 KiB)
unbound (1.12.0-1build1) hirsute; urgency=medium * No-change rebuild to build with python3.9 as default. -- Matthias Klose <email address hidden> Thu, 19 Nov 2020 18:39:37 +0100
Available diffs
- diff from 1.12.0-1 (in Debian) to 1.12.0-1build1 (320 bytes)
unbound (1.12.0-1) unstable; urgency=medium * New upstream version 1.12.0 -- Robert Edmonds <email address hidden> Mon, 19 Oct 2020 00:35:38 -0400
Available diffs
- diff from 1.11.0-1 to 1.12.0-1 (232.8 KiB)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
unbound (1.11.0-1) unstable; urgency=medium [ Simon Deziel ] * systemd: don't create a PID file * debian/package-helper: mount --bind systemd notify socket into chroot (Closes: #867187) [ Robert Edmonds ] * New upstream version 1.11.0 - Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use "Requires:". (Closes: #958331) - Introduce "include-toplevel:" configuration option. - Adds its own implementation of Frame Streams for dnstap support. * debian/control: Remove build dependency on libfstrm-dev * debian/unbound.conf: Use "include-toplevel:" instead of "include:" (Closes: #950754) * debian/NEWS: Add entry for 1.11.0-1 regarding the change of /etc/unbound/unbound.conf to using the "include-toplevel:" directive * debian/patches/: Refresh patches -- Robert Edmonds <email address hidden> Sun, 09 Aug 2020 20:57:15 -0400
Available diffs
- diff from 1.10.1-1build1 (in Ubuntu) to 1.11.0-1 (302.6 KiB)
unbound (1.10.1-1build1) groovy; urgency=medium * No change rebuild against new libnettle8 and libhogweed6 ABI. -- Dimitri John Ledkov <email address hidden> Mon, 29 Jun 2020 22:41:48 +0100
Available diffs
- diff from 1.10.1-1 (in Debian) to 1.10.1-1build1 (516 bytes)
unbound (1.9.4-2ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: amplification attack and denial of service - debian/patches/CVE-2020-1226x.patch: fix iterator logic in iterator/iter_delegpt.c, iterator/iter_delegpt.h, iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c, iterator/iterator.h, services/cache/dns.c, util/data/dname.c, util/data/msgparse.c. - CVE-2020-12263 - CVE-2020-12264 -- Marc Deslauriers <email address hidden> Fri, 22 May 2020 08:51:12 -0400
Available diffs
unbound (1.6.7-1ubuntu2.3) bionic-security; urgency=medium * SECURITY UPDATE: amplification attack and denial of service - debian/patches/CVE-2020-1226x.patch: fix iterator logic in iterator/iter_delegpt.c, iterator/iter_delegpt.h, iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c, iterator/iterator.h, services/cache/dns.c, util/data/dname.c, util/data/msgparse.c. - CVE-2020-12263 - CVE-2020-12264 -- Marc Deslauriers <email address hidden> Fri, 22 May 2020 09:11:45 -0400
Available diffs
unbound (1.9.0-2ubuntu1.1) eoan-security; urgency=medium * SECURITY UPDATE: amplification attack and denial of service - debian/patches/CVE-2020-1226x.patch: fix iterator logic in iterator/iter_delegpt.c, iterator/iter_delegpt.h, iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c, iterator/iterator.h, services/cache/dns.c, util/data/dname.c, util/data/msgparse.c. - CVE-2020-12263 - CVE-2020-12264 -- Marc Deslauriers <email address hidden> Fri, 22 May 2020 08:56:12 -0400
Available diffs
unbound (1.10.1-1) unstable; urgency=high * New upstream version 1.10.1 - Fix CVE-2020-12662: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target. - Fix CVE-2020-12663: Malformed answers from upstream name servers can be used to make Unbound unresponsive. -- Robert Edmonds <email address hidden> Tue, 19 May 2020 11:36:53 -0400
Available diffs
- diff from 1.10.0-1 to 1.10.1-1 (10.5 KiB)
unbound (1.10.0-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.10.0 * Drop debian/patches/0002-Allow-use-of-libbsd-functions-with-configure- option-.patch (applied upstream) [ Stuart Prescott ] * Drop Python 2 module package (Closes: #938752) -- Robert Edmonds <email address hidden> Sat, 18 Apr 2020 19:29:50 -0400
Available diffs
- diff from 1.9.4-2ubuntu1 (in Ubuntu) to 1.10.0-1 (256.1 KiB)
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
unbound (1.9.4-2ubuntu1) focal; urgency=medium * Build-depend on python-all-dev. -- Matthias Klose <email address hidden> Sat, 25 Jan 2020 11:43:33 +0100
Available diffs
- diff from 1.9.4-2 (in Debian) to 1.9.4-2ubuntu1 (510 bytes)
- diff from 1.9.4-2build1 to 1.9.4-2ubuntu1 (461 bytes)
Superseded in focal-proposed |
unbound (1.9.4-2build1) focal; urgency=medium * No-change rebuild to build with python3.8. -- Matthias Klose <email address hidden> Sat, 25 Jan 2020 04:41:11 +0000
Available diffs
- diff from 1.9.4-2 (in Debian) to 1.9.4-2build1 (337 bytes)
Superseded in focal-proposed |
unbound (1.9.0-2ubuntu3) focal; urgency=medium * No-change rebuild against libnettle7 -- Steve Langasek <email address hidden> Thu, 31 Oct 2019 22:16:07 +0000
Available diffs
- diff from 1.9.0-2ubuntu2 to 1.9.0-2ubuntu3 (311 bytes)
unbound (1.9.4-2) unstable; urgency=medium * Cherry-pick upstream commit ec021e0d, "fix build with nettle-3.5" (Closes: #941041) -- Robert Edmonds <email address hidden> Sat, 26 Oct 2019 08:00:58 -0400
Available diffs
- diff from 1.9.0-2ubuntu2 (in Ubuntu) to 1.9.4-2 (184.8 KiB)
- diff from 1.9.0-2ubuntu3 (in Ubuntu) to 1.9.4-2 (184.9 KiB)
unbound (1.9.0-2ubuntu2) focal; urgency=medium * No-change rebuild for libevent soname changes. -- Matthias Klose <email address hidden> Sat, 19 Oct 2019 19:58:53 +0000
Available diffs
- diff from 1.9.0-2ubuntu1 to 1.9.0-2ubuntu2 (328 bytes)
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to Release) |
unbound (1.9.0-2ubuntu1) eoan; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-16866.diff: sets edns to zero to avoid access to an uninitialized memory in util/data/msgparse.c. - CVE-2019-16866 -- <email address hidden> (Leonidas S. Barbosa) Mon, 07 Oct 2019 15:14:33 -0300
Available diffs
unbound (1.9.0-2ubuntu0.1) disco-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-16866.diff: sets edns to zero to avoid access to an uninitialized memory in util/data/msgparse.c. - CVE-2019-16866 -- <email address hidden> (Leonidas S. Barbosa) Mon, 07 Oct 2019 14:49:35 -0300
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
unbound (1.9.0-2) unstable; urgency=medium [ Simon Deziel ] * Disable chroot'ing (Closes: #921538) -- Robert Edmonds <email address hidden> Sat, 09 Feb 2019 21:10:52 -0500
Available diffs
- diff from 1.8.1-1 to 1.9.0-2 (208.9 KiB)
- diff from 1.9.0-1 to 1.9.0-2 (446 bytes)
unbound (1.9.0-1) unstable; urgency=medium * New upstream version 1.9.0 * Team upload * Include dpkg/default.mk instead of only buildflags.mk * Update d/watch to reflect new download location and add signature check -- Ondřej Surý <email address hidden> Tue, 05 Feb 2019 09:49:04 +0000
Available diffs
- diff from 1.8.1-1 to 1.9.0-1 (208.7 KiB)
unbound (1.8.1-1) unstable; urgency=medium * New upstream version 1.8.1 -- Robert Edmonds <email address hidden> Thu, 08 Nov 2018 16:50:36 -0500
Available diffs
- diff from 1.7.3-1build2 (in Ubuntu) to 1.8.1-1 (211.5 KiB)
unbound (1.7.3-1build2) disco; urgency=medium * No-change rebuild to build for python3.7 as the default. -- Matthias Klose <email address hidden> Wed, 31 Oct 2018 12:37:16 +0000
Available diffs
- diff from 1.7.3-1build1 to 1.7.3-1build2 (342 bytes)
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
unbound (1.7.3-1build1) cosmic; urgency=high * No change rebuild against openssl 1.1.1 with TLS 1.3 support. -- Dimitri John Ledkov <email address hidden> Sat, 29 Sep 2018 01:37:00 +0100
Available diffs
- diff from 1.7.3-1 (in Debian) to 1.7.3-1build1 (512 bytes)
unbound (1.6.7-1ubuntu2.2) bionic; urgency=medium * d/p/lp-1788622-fix-systemd-reload.patch: Fix hang due to all worker threads stopping on reload (LP: #1788622) -- Christian Ehrhardt <email address hidden> Mon, 27 Aug 2018 14:12:29 +0200
Available diffs
unbound (1.7.3-1) unstable; urgency=medium * New upstream version 1.7.3 - Don't count CNAME response types received during qname minimisation as query restart. (Closes: #900800) -- Robert Edmonds <email address hidden> Thu, 21 Jun 2018 12:45:09 -0400
Available diffs
- diff from 1.7.2-1 to 1.7.3-1 (61.1 KiB)
unbound (1.7.2-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.7.2 * debian/control: Update Maintainer field (Closes: #899758) [ Vincent Bernat ] * daemon/daemon.c: Fix reload hangs with systemd (Closes: #892914) -- Robert Edmonds <email address hidden> Wed, 20 Jun 2018 17:30:34 -0400
Available diffs
- diff from 1.7.1-1 to 1.7.2-1 (115.1 KiB)
unbound (1.5.8-1ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: vulnerability in the processing of wildcard synthesized NSEC records (LP: #1773720) - debian/patches/CVE-2017-15105.patch - CVE-2017-15105 * Fix install of trust anchor when two anchors are present - debian/patches/unbound-r4302.patch -- Simon Deziel <email address hidden> Mon, 28 May 2018 02:38:19 +0000
Available diffs
unbound (1.4.22-1ubuntu4.14.04.3) trusty-security; urgency=medium * SECURITY UPDATE: vulnerability in the processing of wildcard synthesized NSEC records (LP: #1773720) - debian/patches/CVE-2017-15105.patch - CVE-2017-15105 * Fix install of trust anchor when two anchors are present - debian/patches/unbound-r4302.patch -- Steve Beattie <email address hidden> Thu, 07 Jun 2018 11:19:28 -0700
unbound (1.6.5-1ubuntu0.2) artful-security; urgency=medium * SECURITY UPDATE: vulnerability in the processing of wildcard synthesized NSEC records (LP: #1773720) - debian/patches/CVE-2017-15105.patch - CVE-2017-15105 -- Simon Deziel <email address hidden> Mon, 28 May 2018 02:38:19 +0000
Available diffs
unbound (1.6.7-1ubuntu2.1) bionic-security; urgency=medium * SECURITY UPDATE: vulnerability in the processing of wildcard synthesized NSEC records (LP: #1773720) - debian/patches/CVE-2017-15105.patch - CVE-2017-15105 -- Simon Deziel <email address hidden> Mon, 28 May 2018 02:38:19 +0000
Available diffs
unbound (1.7.1-1) unstable; urgency=medium [ Robert Edmonds ] * debian/control: Update Vcs-* links to use salsa.debian.org URLs * New upstream version 1.7.1 [ Simon Deziel ] * debian/apparmor-profile: Add capabilities to chown/chmod Unix control socket (Closes: #891705) * debian/apparmor-profile: Allow reading /var/lib/sss/mc/initgroups * debian/apparmor-profile: Permit unbound to notify readiness to systemd (Closes: #867186) * debian/apparmor-profile: Let unbound r/w anywhere under /var/lib/unbound (Closes: #882731) * debian/apparmor-profile: Use attach_disconnected -- Robert Edmonds <email address hidden> Wed, 23 May 2018 15:41:54 -0400
Available diffs
- diff from 1.6.7-1ubuntu2 (in Ubuntu) to 1.7.1-1 (274.9 KiB)
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
unbound (1.6.7-1ubuntu2) bionic; urgency=medium * debian/apparmor-profile: add capabilities to chown/chmod Unix control socket and allow reading /var/lib/sss/mc/initgroups (Closes: #891705, LP: #1749931) -- Simon Deziel <email address hidden> Tue, 27 Feb 2018 21:31:49 -0500
Available diffs
- diff from 1.6.7-1ubuntu1 to 1.6.7-1ubuntu2 (599 bytes)
unbound (1.6.7-1ubuntu1) bionic; urgency=medium * debian/apparmor: update to allow writing to /run/systemd/notify (Closes: #867186, LP: #1723900) -- Jamie Strandboge <email address hidden> Thu, 22 Feb 2018 19:35:23 +0000
Available diffs
- diff from 1.6.7-1build1 to 1.6.7-1ubuntu1 (485 bytes)
unbound (1.6.5-1ubuntu0.1) artful-security; urgency=medium * apparmor: permit unbound to notify readiness to systemd (Closes: #867186, LP: #1723900) -- Simon Deziel <email address hidden> Mon, 16 Oct 2017 13:11:12 +0000
Available diffs
unbound (1.6.7-1build1) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 23:29:28 +0000
Available diffs
- diff from 1.6.7-1 (in Debian) to 1.6.7-1build1 (510 bytes)
unbound (1.6.7-1) unstable; urgency=medium * New upstream version 1.6.7 -- Robert Edmonds <email address hidden> Sun, 15 Oct 2017 17:46:46 -0400
Available diffs
- diff from 1.6.5-1 to 1.6.7-1 (219.5 KiB)
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
unbound (1.6.5-1) unstable; urgency=high [ Robert Edmonds ] * New upstream version 1.6.5 - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes installs between sep11 and oct11 2017. * debian/rules: Enable EDNS Client Subnet in daemon [ Simon Deziel ] * debian/unbound.service: Set PIDFile= (Closes: #867192) [ Antony Antony ] * debian/rules: Enable libevent for libunbound2 API (Closes: #871675) -- Robert Edmonds <email address hidden> Tue, 22 Aug 2017 22:50:56 -0400
Available diffs
1 → 75 of 146 results | First • Previous • Next • Last |