Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted bind9 1:9.20.21-1 (source) into unstable
Date: Wed, 25 Mar 2026 19:48:38 +0000
Signed by: Ondřej Surý <ondrej@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Mar 2026 16:38:18 +0100
Source: bind9
Architecture: source
Version: 1:9.20.21-1
Distribution: unstable
Urgency: high
Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Changes:
 bind9 (1:9.20.21-1) unstable; urgency=high
 .
   * New upstream version 9.20.21
    - [CVE-2026-1519]: Fix unbounded NSEC3 iterations when validating
      referrals to unsigned delegations.
    - [CVE-2026-3104]: Fix memory leaks in code preparing DNSSEC proofs of
      non-existence.
    - [CVE-2026-3119]: Prevent a crash in code processing queries
      containing a TKEY record.
    - [CVE-2026-3591]: Fix a stack use-after-return flaw in SIG(0) handling
      code.
Checksums-Sha1:
 4a0d249dac904509c43152a5a3a084ad68bf5833 3154 bind9_9.20.21-1.dsc
 c0cb690b194041de2deb760dfb23658a06b409d4 5808576 bind9_9.20.21.orig.tar.xz
 b94c74cbf263c588970053c534c2c2b45609cd85 833 bind9_9.20.21.orig.tar.xz.asc
 e1f33d66e25e3b2924c8ec191589fc7b807e58bf 62180 bind9_9.20.21-1.debian.tar.xz
 51ecc4991089c09e719a668a1301000567e19e6a 14352 bind9_9.20.21-1_amd64.buildinfo
Checksums-Sha256:
 f665a170d4ca7bb1b3d625debde6349989c6cc39e9d019f5901571f4e75c291e 3154 bind9_9.20.21-1.dsc
 15e1b5a227d2890f7c4e823a6ea018de70ee2f3a0e859cbff3d82aad8590de03 5808576 bind9_9.20.21.orig.tar.xz
 95b2b9ac3b6f216d69a086d97da7feabb68e25d2ed264dc4049de7c6be61de5c 833 bind9_9.20.21.orig.tar.xz.asc
 6026a46ebd198e7d9e179cc73303b2e1f9622120fb2461bd63f45d3b8ae6d5bb 62180 bind9_9.20.21-1.debian.tar.xz
 28314772f7e98e1212b6da2d90a542c36a6246b8fdc423fbb90dfb9326ff9476 14352 bind9_9.20.21-1_amd64.buildinfo
Files:
 7fa333221642f79cbca31d715e2a7952 3154 net optional bind9_9.20.21-1.dsc
 b571adbe3bf1c5d1352a68ee29fa383d 5808576 net optional bind9_9.20.21.orig.tar.xz
 00fb797da3782eca399bc1ffe36038c2 833 net optional bind9_9.20.21.orig.tar.xz.asc
 b0745248560d5b883b647ee5c4a294c3 62180 net optional bind9_9.20.21-1.debian.tar.xz
 e8e8eb7d48728dd767dc189f038014b5 14352 net optional bind9_9.20.21-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmnEN5hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz
NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u
WcLahQ/+Lx9C+v1kkn/GOzPpioZo1K4YIhh6RGVAsn+QUoC27cXA2E/rikARPJ8G
HtUqAi1Cen+EgUT3xSow34r1k0ydYsFLkpcBaB0zD27pIQAFqc3FxjPTLXqiGno8
R+I4TYCUwr4l+HDkFpiPJ73lNT/tkVY6uD7zKHdQ0rUnMD2XNgvY1QvF5lRSxx1q
IoTLJA+ekjn4TrCH++felru18KUmn8ec3v1ICyLL+c6YeR5IQ/sknGm7g2S1i//C
pgx6yC8fPdwlsu6oIIVIfXht4Kf6ioFxhTNoodjmPOwkm6VHWIIsjlkHVOZG65sp
5zDXemBQKYIQsDpM0xAcdCfzo/B2oWq6beI5XFsGkbepOnU8DwukVjYzWZ5yxgUW
IvKN+apSXtFl2FERiQUwt3f3pAAFhNS4GLTxOGTckMDvUVZyv7n3V3W+WhtUZyqN
RqwttU1PUE/cPDlV3VggluVUP6gH10Ln+QUMxFVuLHIi3UPqEjiKWbksDgGo0AYH
ttWnyMOgHJFnYLFYeJtcPXMKxLqsaJIuA6/JXpTXlqQFjidzFGCx6Gj52CWldjll
DkrYzK87VJGPv+g068PiGHdXY+HnNPY38+xeLJtBUnmDt5m5RB2L7mpPKCgctfb7
mGeC/Z4jOPreKbTmveSw/lNDAPrlvDHvrtecpAhNDma0kEpw1I4=
=tTCF
-----END PGP SIGNATURE-----
News for package bind9
