See https://nlnetlabs.nl/projects/unbound/security-advisories/ for details on the CVE. The provided patch at https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-8508.diff cleanly applies to both version 1.19.3 and 1.20.0 currently in the tree and the resulting binaries seem to run fine. Reproducible: Always
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=177c7343405ee3e93d69ddfc22c5cfc25cba2bdd commit 177c7343405ee3e93d69ddfc22c5cfc25cba2bdd Author: Christopher Fore <csfore@posteo.net> AuthorDate: 2025-03-30 20:03:55 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-04-03 15:25:57 +0000 net-dns/unbound: drop 1.19.3 Bug: https://bugs.gentoo.org/941857 Signed-off-by: Christopher Fore <csfore@posteo.net> Signed-off-by: Sam James <sam@gentoo.org> net-dns/unbound/Manifest | 2 - net-dns/unbound/unbound-1.19.3.ebuild | 218 ---------------------------------- 2 files changed, 220 deletions(-)
