There isn't much more info, but the changelog of unbound 1.8.3 says: - Fix dns64 allocation in wrong region for returned internal queries. - And 1.8.3 release with this dns64 crash fix included. Crashing a DNS resolver seems bad enough to treat it as a security issue. 1.8.3 is already in the tree, can we stabilize it?
We will go with =net-dns/unbound-1.9.0 which also contains patches from DNS flag day.
x86 stable
amd64 stable
arm stable
@ppc/ppc64, ping.
Looking good on ppc. # cat unbound-677054.report USE tests started on Sa 16. Mär 13:40:59 CET 2019 FEATURES=' test' USE='' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt ecdsa ecs -gost -libressl -python redis -static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt ecdsa ecs -gost -libressl -python -redis static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='-dnscrypt ecdsa ecs -gost -libressl -python redis static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt ecdsa -ecs gost libressl -python redis static-libs -systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='-dnscrypt ecdsa -ecs gost libressl -python -redis -static-libs systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='-dnscrypt -ecdsa -ecs -gost -libressl -python redis static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt -ecdsa ecs gost -libressl -python -redis -static-libs -systemd threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt -ecdsa -ecs -gost -libressl -python -redis -static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt -ecdsa -ecs gost -libressl -python -redis -static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0 USE='-dnscrypt -ecdsa ecs -gost -libressl -python redis -static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt ecdsa -ecs -gost libressl -python -redis static-libs systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='dnscrypt -ecdsa ecs gost -libressl -python redis static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0 revdep tests started on Sa 16. Mär 14:52:58 CET 2019 FEATURES=' test' USE='dane' succeeded for net-libs/gnutls FEATURES=' test' USE='strongswan_plugins_unbound' succeeded for net-vpn/strongswan
Looking good on ppc64. # cat unbound-677054.report USE tests started on Sa 16. Mär 18:07:40 CET 2019 FEATURES=' test' USE='' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt -ecdsa ecs gost -libressl -python -redis -static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='-dnscrypt ecdsa -ecs -gost libressl -python redis -static-libs -systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='-dnscrypt -ecdsa ecs gost libressl -python redis static-libs -systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='-dnscrypt ecdsa ecs gost -libressl -python -redis -static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt ecdsa -ecs gost libressl -python redis -static-libs systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='dnscrypt ecdsa -ecs -gost -libressl -python -redis static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='-dnscrypt ecdsa ecs -gost -libressl -python redis static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt ecdsa -ecs gost libressl -python -redis -static-libs -systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='-dnscrypt ecdsa ecs -gost -libressl -python redis -static-libs -systemd threads' succeeded for =net-dns/unbound-1.9.0 USE='-dnscrypt -ecdsa ecs gost -libressl -python redis static-libs -systemd threads' succeeded for =net-dns/unbound-1.9.0 USE='dnscrypt -ecdsa ecs -gost libressl -python -redis static-libs systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 USE='-dnscrypt -ecdsa -ecs -gost libressl -python redis static-libs systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0 revdep tests started on Sa 16. Mär 18:19:04 CET 2019 FEATURES=' test' USE='dane' succeeded for net-libs/gnutls
ppc/ppc64 stable thanks to ernsteiswuerfel!
This issue was resolved and addressed in GLSA 201904-03 at https://security.gentoo.org/glsa/201904-03 by GLSA coordinator Aaron Bauman (b-man).