unbound is vulnerable to a denial-of-service attack through specially crafted DNS records causing an infinite loop of delegations. Fixed in upstream's 1.5.1.
Bug 530928 is pretty minor, and should probably not block this.
Feel free to stabilize if you want, just note bug #531068.
Arches, please test and mark stable:
=net-dns/unbound-1.5.1-r2
Target Keywords: "amd64 ppc x86"
Thank you!
This requires a lot of unstable dependencies. Could you provide a full list?
amd64 stable
x86 stable
net-dns/unbound/unbound-1.5.1-r2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['dev-libs/fstrm[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=dev-libs/protobuf-c-1.0.2-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
(In reply to Pacho Ramos from comment #7) Please see bug 531068 to rekeyword unbound and dependencies.
ppc/ppc64 done
security team, the arches did the work I think ;)
@maintainer(s), please clean vulnerable versions: net-dns/unbound-1.4.22-r1
Cleaned: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87e0a6b3e542aecaf9098c424f403c3cc39e3d23
GLSA Vote: No