CVE-2019-16866 (https://nvd.nist.gov/vuln/detail/CVE-2019-16866): Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
x86 stable
amd64 stable
ppc stable
ppc64 stable
arm stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=602ec466b60ab904eefc121ee87ef66ea6dc990e commit 602ec466b60ab904eefc121ee87ef66ea6dc990e Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-26 17:33:39 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-26 17:33:39 +0000 net-dns/unbound: security cleanup (#696298) Bug: https://bugs.gentoo.org/696298 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-dns/unbound/Manifest | 4 - net-dns/unbound/unbound-1.9.0.ebuild | 181 ------------------------------- net-dns/unbound/unbound-1.9.1-r1.ebuild | 182 -------------------------------- net-dns/unbound/unbound-1.9.1.ebuild | 181 ------------------------------- net-dns/unbound/unbound-1.9.2.ebuild | 182 -------------------------------- net-dns/unbound/unbound-1.9.3.ebuild | 182 -------------------------------- 6 files changed, 912 deletions(-)
GLSA Vote: NO! Repository is clean, all done!