head     1.1;
branch   1.1.1;
access   ;
symbols  unbound-1-25-1:1.1.1.1 NLNETLABS:1.1.1;
locks    ; strict;
comment  @# @;


1.1
date     2026.05.21.16.11.47;  author christos;  state Exp;
branches 1.1.1.1;
next     ;
commitid        KUtmCKdRNks7oHGG;

1.1.1.1
date     2026.05.21.16.11.47;  author christos;  state Exp;
branches ;
next     ;
commitid        KUtmCKdRNks7oHGG;


desc
@@



1.1
log
@Initial revision
@
text
@-----BEGIN CERTIFICATE-----
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----
@


1.1.1.1
log
@Import unbound 1.25.1 (previous was 1.24.2)

Bug Fixes

Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation.
Thanks to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie,
padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.

Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths
from 'calif.io' for the report.

Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo
Alto Networks, for the report.

Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades
performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto
Networks, for the report.

Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash
calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report.

Fix CVE-2026-42960, Possible cache poisoning attack while following
delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun
Chen, Tsinghua University, for the report.

Fix CVE-2026-44390, Unbounded name compression in certain cases causes
degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.

Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan
Zhang, Palo Alto Networks, for the report.

For changes to older versions see:

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-1
@
text
@@