head     1.1;
branch   1.1.1;
access   ;
symbols  unbound-1-25-1:1.1.1.1 NLNETLABS:1.1.1;
locks    ; strict;
comment  @# @;


1.1
date     2026.05.21.16.11.47;  author christos;  state Exp;
branches 1.1.1.1;
next     ;
commitid        KUtmCKdRNks7oHGG;

1.1.1.1
date     2026.05.21.16.11.47;  author christos;  state Exp;
branches ;
next     ;
commitid        KUtmCKdRNks7oHGG;


desc
@@



1.1
log
@Initial revision
@
text
@-----BEGIN RSA PRIVATE KEY-----
MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ
RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1
QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu
O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU
J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG
Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh
mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh
qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU
6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz
lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc
Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM
XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ
Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh
C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C
EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS
3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY
F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ
kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3
berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2
-----END RSA PRIVATE KEY-----
@


1.1.1.1
log
@Import unbound 1.25.1 (previous was 1.24.2)

Bug Fixes

Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation.
Thanks to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie,
padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.

Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths
from 'calif.io' for the report.

Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo
Alto Networks, for the report.

Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades
performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto
Networks, for the report.

Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash
calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-42960, Possible cache poisoning attack while following
delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun
Chen, Tsinghua University, for the report.

Fix CVE-2026-44390, Unbounded name compression in certain cases causes
degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.

Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan
Zhang, Palo Alto Networks, for the report.

For changes to older versions see:

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-1
@
text
@@