The gentoo ebuild enables the ipsec module, so we're affected this issue.
Genereally I am wondering why this is enabled by default, it looks like a rather obscure feature.
Fixes in 1.9.5:
(In reply to Hanno Böck from comment #0)
> The gentoo ebuild enables the ipsec module, so we're affected this issue.
> Genereally I am wondering why this is enabled by default, it looks like a
> rather obscure feature.
We set --enable-ipsecmod but we don't enable it in configuration. To quote from mentioned news article:
> This issue can _only_ be triggered when _all_ of the below conditions are met:
> - unbound was compiled with --enable-ipsecmod support, and
> - ipsecmod is enabled and used in the configuration (either in the configuration file or using unbound-control), and
> - a domain is part of the ipsecmod-whitelist (if ipsecmod-whitelist is used), and
> - unbound receives an A/AAAA query for a domain that has an A/AAAA record(s) and an IPSECKEY record(s) available.
GLSA Vote: No!
Repository is clean, all done.