CVE-2017-15105 (https://nvd.nist.gov/vuln/detail/CVE-2017-15105): A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
Fixed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29d405ed2e3d4e1f5d9add5a0f1702f1ac85cd57
tree is clean