Debian Package Tracker
Register | Log in
Subscribe

unbound

validating, recursive, caching DNS resolver

Choose email to subscribe with

general
  • source: unbound (main)
  • version: 1.22.0-1
  • maintainer: unbound packagers (DMD)
  • uploaders: Michael Tokarev [DMD] – Robert Edmonds [DMD]
  • arch: any
  • std-ver: 4.6.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.9.0-2+deb10u2
  • o-o-sec: 1.9.0-2+deb10u4
  • oldstable: 1.13.1-1+deb11u2
  • old-sec: 1.13.1-1+deb11u4
  • old-bpo: 1.17.1-2~bpo11+1
  • stable: 1.17.1-2+deb12u2
  • stable-sec: 1.17.1-2+deb12u2
  • testing: 1.22.0-1
  • unstable: 1.22.0-1
versioned links
  • 1.9.0-2+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.9.0-2+deb10u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.13.1-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.13.1-1+deb11u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.17.1-2~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.17.1-2+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.22.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libunbound-dev (1 bugs: 0, 1, 0, 0)
  • libunbound8
  • python3-unbound
  • unbound (9 bugs: 0, 7, 2, 0)
  • unbound-anchor (2 bugs: 0, 1, 1, 0)
  • unbound-host (3 bugs: 0, 1, 2, 0)
action needed
A new upstream version is available: 1.23.0 high
A new upstream version 1.23.0 is available, you should consider packaging it.
Created: 2025-04-09 Last update: 2025-05-24 16:29
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2025-03-19 Last update: 2025-05-24 21:01
2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2024-8508: (needs triaging) NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:
  • CVE-2024-33655: The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.
Created: 2024-05-09 Last update: 2025-02-27 05:02
debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 1.22.0-1 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2024-10-19 22:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).
Created: 2022-05-11 Last update: 2025-02-27 13:24
news
[rss feed]
  • [2024-11-14] Accepted unbound 1.13.1-1+deb11u4 (source) into oldstable-security (Daniel Leidert)
  • [2024-10-21] unbound 1.22.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-19] Accepted unbound 1.22.0-1 (source) into unstable (Michael Tokarev)
  • [2024-10-07] unbound 1.21.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-04] Accepted unbound 1.21.1-1 (source) into unstable (Michael Tokarev)
  • [2024-09-29] Accepted unbound 1.13.1-1+deb11u3 (source amd64) into oldstable-security (Daniel Leidert)
  • [2024-05-13] unbound 1.20.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-05-09] Accepted unbound 1.20.0-1 (source) into unstable (Michael Tokarev)
  • [2024-05-03] unbound 1.19.2-1 MIGRATED to testing (Debian testing watch)
  • [2024-03-07] Accepted unbound 1.19.2-1 (source) into unstable (Michael Tokarev)
  • [2024-02-21] Accepted unbound 1.9.0-2+deb10u4 (source) into oldoldstable (Markus Koschany)
  • [2024-02-16] unbound 1.19.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-02-15] Accepted unbound 1.13.1-1+deb11u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2024-02-14] Accepted unbound 1.17.1-2+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2024-02-14] Accepted unbound 1.17.1-2+deb12u2 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2024-02-14] Accepted unbound 1.13.1-1+deb11u2 (source) into oldstable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2024-02-13] Accepted unbound 1.19.1-1 (source) into unstable (Michael Tokarev)
  • [2023-09-27] Accepted unbound 1.17.1-2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
  • [2023-09-08] unbound 1.18.0-2 MIGRATED to testing (Debian testing watch)
  • [2023-09-06] Accepted unbound 1.18.0-2 (source) into unstable (Michael Tokarev)
  • [2023-09-04] Accepted unbound 1.18.0-1 (source) into unstable (Michael Tokarev)
  • [2023-04-26] Accepted unbound 1.17.1-2~bpo11+1 (source) into bullseye-backports (Michael Tokarev)
  • [2023-04-25] Accepted unbound 1.17.1-1~bpo11+1 (source amd64) into bullseye-backports (Debian FTP Masters) (signed by: Michael Tokarev)
  • [2023-04-16] unbound 1.17.1-2 MIGRATED to testing (Debian testing watch)
  • [2023-04-09] Accepted unbound 1.17.1-2 (source) into unstable (Michael Tokarev)
  • [2023-04-07] Accepted unbound 1.13.1-1+deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
  • [2023-03-29] Accepted unbound 1.9.0-2+deb10u3 (source) into oldstable (Markus Koschany)
  • [2023-01-28] unbound 1.17.1-1 MIGRATED to testing (Debian testing watch)
  • [2023-01-12] Accepted unbound 1.17.1-1 (source) into unstable (Michael Tokarev)
  • [2022-10-15] unbound 1.17.0-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 15
  • RC: 0
  • I&N: 10
  • M&W: 5
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.22.0-1ubuntu1
  • 11 bugs (1 patch)
  • patches for 1.22.0-1ubuntu1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing