Ubuntu
unbound package

Merge 1.19.2-1 from debian, fixing CVE-2024-1931

Bug #2056552 reported by Andreas Hasenack
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unbound (Ubuntu)
Fix Released
High
Andreas Hasenack
Ubuntu ubuntu-24.03

Bug Description

unbound (1.19.2-1) unstable; urgency=medium

  * new upstream bugfix release. Closes: CVE-2024-1931,
    denial of service when trimming EDE text on positive replies
  * d/changelog: add the forgotten Closes for
    #1063845, #1051817, #1051818, #1056631 to the previous
    changelog entry

 -- Michael Tokarev <email address hidden> Thu, 07 Mar 2024 23:35:52 +0300

Tags: needs-merge
Andreas Hasenack (ahasenack)
Changed in unbound (Ubuntu):
milestone: none → ubuntu-24.03
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Uploaded: https://launchpad.net/ubuntu/+source/unbound/1.19.2-1ubuntu1

Changed in unbound (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unbound - 1.19.2-1ubuntu1

---------------
unbound (1.19.2-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2056552). Remaining changes:
    - Don't build with hiredis on i386. hiredis and redis are not built
      on i386 and require bootstrapping due to circular
      build-dependencies; simpler to just disable this in the i386
      unbound server binary (that no one will ever use).

 -- Andreas Hasenack <email address hidden> Fri, 08 Mar 2024 10:23:53 -0300

Changed in unbound (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.