Debian Package Tracker
Register | Log in
Subscribe

unbound

validating, recursive, caching DNS resolver

Choose email to subscribe with

general
  • source: unbound (main)
  • version: 1.17.1-1
  • maintainer: unbound packagers (DMD)
  • uploaders: Michael Tokarev [DMD] – Robert Edmonds [DMD]
  • arch: any
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.6.0-3+deb9u2
  • oldstable: 1.9.0-2+deb10u2
  • old-sec: 1.9.0-2+deb10u2
  • old-bpo: 1.13.1-1~bpo10+1
  • stable: 1.13.1-1
  • testing: 1.17.1-1
  • unstable: 1.17.1-1
versioned links
  • 1.6.0-3+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.9.0-2+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.13.1-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.13.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.17.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libunbound-dev
  • libunbound8 (1 bugs: 0, 1, 0, 0)
  • python3-unbound
  • unbound (7 bugs: 0, 4, 3, 0)
  • unbound-anchor (1 bugs: 0, 0, 1, 0)
  • unbound-host (2 bugs: 0, 0, 2, 0)
action needed
lintian reports 1 error and 1 warning high
Lintian reports 1 error and 1 warning about this package. You should make the package lintian clean getting rid of them.
Created: 2022-10-13 Last update: 2023-02-18 03:39
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs, consider including or untagging them.
Created: 2022-11-19 Last update: 2023-04-01 06:34
1 new commit since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit 5064a44cfda131bde80d7a098b9a02d67273e4fb
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Jan 12 18:50:32 2023 +0300

    unbound-helper: return 0 explicitly in a few places (#1019140)
Created: 2023-01-12 Last update: 2023-03-30 07:32
3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

3 issues left for the package maintainer to handle:
  • CVE-2022-3204: (needs triaging) A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.
  • CVE-2022-30698: (needs triaging) NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
  • CVE-2022-30699: (needs triaging) NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-08-01 Last update: 2023-03-29 15:38
debian/patches: 3 patches to forward upstream low

Among the 3 debian patches available in version 1.17.1-1 of the package, we noticed the following issues:

  • 3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2023-02-26 15:54
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.0).
Created: 2022-05-11 Last update: 2023-01-13 01:13
news
[rss feed]
  • [2023-03-29] Accepted unbound 1.9.0-2+deb10u3 (source) into oldstable (Markus Koschany)
  • [2023-01-28] unbound 1.17.1-1 MIGRATED to testing (Debian testing watch)
  • [2023-01-12] Accepted unbound 1.17.1-1 (source) into unstable (Michael Tokarev)
  • [2022-10-15] unbound 1.17.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-13] Accepted unbound 1.17.0-1 (source) into unstable (Michael Tokarev)
  • [2022-09-23] unbound 1.16.3-1 MIGRATED to testing (Debian testing watch)
  • [2022-09-23] unbound 1.16.3-1 MIGRATED to testing (Debian testing watch)
  • [2022-09-21] Accepted unbound 1.16.3-1 (source) into unstable (Michael Tokarev)
  • [2022-08-16] unbound 1.16.2-1 MIGRATED to testing (Debian testing watch)
  • [2022-08-12] Accepted unbound 1.16.2-1 (source) into unstable (Michael Tokarev)
  • [2022-06-11] unbound 1.16.0-2 MIGRATED to testing (Debian testing watch)
  • [2022-06-02] Accepted unbound 1.16.0-2 (source) into unstable (Michael Tokarev)
  • [2022-06-02] Accepted unbound 1.16.0-1 (source) into unstable (Michael Tokarev)
  • [2022-05-15] Accepted unbound 1.15.0-11 (source) into unstable (Michael Tokarev)
  • [2022-05-08] Accepted unbound 1.15.0-10 (source) into unstable (Michael Tokarev)
  • [2022-05-07] Accepted unbound 1.15.0-9 (source) into unstable (Michael Tokarev)
  • [2022-05-05] unbound 1.15.0-8 MIGRATED to testing (Debian testing watch)
  • [2022-04-29] Accepted unbound 1.15.0-8 (source) into unstable (Michael Tokarev)
  • [2022-04-29] Accepted unbound 1.15.0-7 (source) into unstable (Michael Tokarev)
  • [2022-04-28] Accepted unbound 1.15.0-6 (source) into unstable (Michael Tokarev)
  • [2022-04-28] Accepted unbound 1.15.0-5 (source) into unstable (Michael Tokarev)
  • [2022-04-25] unbound 1.15.0-4 MIGRATED to testing (Debian testing watch)
  • [2022-04-20] Accepted unbound 1.15.0-4 (source) into unstable (Michael Tokarev)
  • [2022-04-20] unbound 1.13.1-1.1 MIGRATED to testing (Debian testing watch)
  • [2022-04-19] Accepted unbound 1.15.0-3 (source) into unstable (Michael Tokarev)
  • [2022-04-19] Accepted unbound 1.15.0-2 (source) into experimental (Michael Tokarev)
  • [2022-04-17] Accepted unbound 1.15.0-1 (source) into experimental (Michael Tokarev)
  • [2022-04-06] Accepted unbound 1.13.1-1.1 (source) into unstable (Sebastian Ramacher)
  • [2021-02-27] Accepted unbound 1.13.1-1~bpo10+1 (source) into buster-backports (Robert Edmonds)
  • [2021-02-20] unbound 1.13.1-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 13
  • RC: 0
  • I&N: 6
  • M&W: 6
  • F&P: 1
  • patch: 2
links
  • homepage
  • lintian (1, 1)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.17.1-1
  • 7 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing