Multiple security issues with unbound [DSA 2370-1]

Fixed in Debian Unstable in 1.4.14. Having that synced to take care of Precise.

This bug was fixed in the package unbound - 1.4.14-2

---------------
unbound (1.4.14-2) unstable; urgency=high

  * Work around gcc bugs by disabling link time optimization on build
    architectures that are not i386/amd64.

 -- Robert S. Edmonds <email address hidden> Wed, 21 Dec 2011 15:52:17 -0500

unbound (1.4.14-1) unstable; urgency=high

   * New upstream release.
     - CVE-2011-4528.
   * Call dh_python2 in debian/rules; closes: #652294.

 -- Robert S. Edmonds <email address hidden> Mon, 19 Dec 2011 11:00:46 -0500

This is the solution to the security bug for Oneiric, but the package FTBFS in configure for me, so this is an incomplete solution.

I don't have an exploit to test this against, but the patch comes directly from the Debian security update for Squeeze and I compared the code and it's identical in all releases, so I would consider it validated through code inspection.

This bug was fixed in the package unbound - 1.4.9-0ubuntu1.2

---------------
unbound (1.4.9-0ubuntu1.2) natty-security; urgency=high

  * SECURITY UPDATE:
  * References: CVE 2011-4528, 2011-4869 (LP: #907983)
  * Add debian/patches/CVE-2011-4528 to fix DoS with DNSSEC
    - Patch from Debian security update
 -- Scott Kitterman <email address hidden> Fri, 23 Dec 2011 00:12:43 -0500

This bug was fixed in the package unbound - 1.4.5-1ubuntu1.2

---------------
unbound (1.4.5-1ubuntu1.2) maverick-security; urgency=high

  * SECURITY UPDATE:
  * References: CVE 2011-4528, 2011-4869 (LP: #907983)
  * Add debian/patches/CVE-2011-4528 to fix DoS with DNSSEC
    - Patch from Debian security update
 -- Scott Kitterman <email address hidden> Fri, 23 Dec 2011 00:09:35 -0500

This bug was fixed in the package unbound - 1.4.1-2ubuntu0.2

---------------
unbound (1.4.1-2ubuntu0.2) lucid-security; urgency=high

  [ Scott Kitterman ]
  * SECURITY UPDATE:
  * References: CVE 2011-4528, 2011-4869 (LP: #907983)
  * Add debian/patches/CVE-2011-4528 to fix DoS with DNSSEC
    - Patch from Debian security update

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via crafted query
    - debian/patches/CVE-2009-4008.patch: add checks to util/data/dname.c.
    - CVE-2009-4008
  * SECURITY UPDATE: denial of service via improperly aligned structures
    - debian/patches/CVE-2010-0969.patch: properly calculate sizes in
      util/net_help.c.
    - CVE-2010-0969
 -- Marc Deslauriers <email address hidden> Fri, 23 Dec 2011 08:07:43 -0500

This bug was fixed in the package unbound - 1.4.12-1ubuntu1

---------------
unbound (1.4.12-1ubuntu1) oneiric-security; urgency=high

  * SECURITY UPDATE:
  * References: CVE 2011-4528, 2011-4869 (LP: #907983)
  * Add debian/patches/CVE-2011-4528 to fix DoS with DNSSEC
    - Patch from Debian security update
 -- Scott Kitterman <email address hidden> Fri, 23 Dec 2011 00:15:46 -0500