[Git][security-tracker-team/security-tracker][master] Add Debian bug references for unbound issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 20 15:55:10 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ea23d4e by Salvatore Bonaccorso at 2026-05-20T16:53:48+02:00
Add Debian bug references for unbound issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50,37 +50,37 @@ CVE-2026-3593 [Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2
- bind9 1:9.20.23-1
NOTE: https://kb.isc.org/docs/cve-2026-3593
CVE-2026-44608 [Use after free and crash in RPZ code (special requirements apply)]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-44390 [Unbounded name compression in certain cases causes degradation of service]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-42960 [Possible cache poisoning attack while following delegation]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-42923 [Degradation of service with unbounded NSEC3 hash calculations]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-42534 [Jostle logic bypass degrades resolution performance]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-41292 [Parsing a long list of incoming EDNS options degrades performance]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-40622 ["Ghost domain name" variant]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-32792 [Packet of death with DNSCrypt (feasibility very low]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-42959 [Crash during DNSSEC validation of malicious content]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-42944 [Heap overflow and crash with multiple nsid, cookie, padding EDNS options]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-33278 [Possible arbitrary code execution during DNSSEC validation]
- - unbound <unfixed>
+ - unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-9057 (A broken access control issue has been identified in the Talend Admini ...)
NOT-FOR-US: Talend Administration Center
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea23d4ede58f278682bbe209c86d462496f3a08
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea23d4ede58f278682bbe209c86d462496f3a08
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/525105d4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list