From 24d8e4e82cb91a3a18fad701765b9299b96359b2 Mon Sep 17 00:00:00 2001 From: Peng Zhang Date: Wed, 21 Feb 2024 07:15:41 +0000 Subject: [PATCH] libunbound: Upgrade to 1.13.1-1+deb11u2 Upgrade package libunbound8 and libunbound-dev from 1.13.1-1+deb11u1 to 1.13.1-1+deb11u2 in order to fixing the CVE issue CVE-2023-50387 and CVE-2023-50868. Refer to: https://nvd.nist.gov/vuln/detail/CVE-2023-50387 https://nvd.nist.gov/vuln/detail/CVE-2023-50868 https://security-tracker.debian.org/tracker/DSA-5620-1 TestPlan: PASS: downloader; build-pkgs; build-image PASS: Jenkins Installation Closes-Bug: 2054276 Change-Id: I646be1b0d6c0f8be2108a68d1ac1c9ad78eee519 Signed-off-by: Peng Zhang --- debian-mirror-tools/config/debian/common/base-bullseye.lst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst index 3df6635f..4db61b21 100644 --- a/debian-mirror-tools/config/debian/common/base-bullseye.lst +++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst @@ -704,8 +704,8 @@ libtsan0 10.2.1-6 libubsan1 10.2.1-6 libuchardet0 0.0.7-1 libudev1 247.3-7+deb11u1 https://snapshot.debian.org/archive/debian/20220829T032859Z/pool/main/s/systemd/libudev1_247.3-7+deb11u1_amd64.deb -libunbound8 1.13.1-1+deb11u1 https://snapshot.debian.org/archive/debian/20230508T030704Z/pool/main/u/unbound/libunbound8_1.13.1-1+deb11u1_amd64.deb -libunbound-dev 1.13.1-1+deb11u1 https://snapshot.debian.org/archive/debian/20230508T030704Z/pool/main/u/unbound/libunbound-dev_1.13.1-1+deb11u1_amd64.deb +libunbound8 1.13.1-1+deb11u2 https://snapshot.debian.org/archive/debian-security/20240214T064720Z/pool/updates/main/u/unbound/libunbound8_1.13.1-1%2Bdeb11u2_amd64.deb +libunbound-dev 1.13.1-1+deb11u2 https://snapshot.debian.org/archive/debian-security/20240214T064720Z/pool/updates/main/u/unbound/libunbound-dev_1.13.1-1%2Bdeb11u2_amd64.deb libunistring2 0.9.10-4 liburing-dev 0.7-3 liburing1 0.7-3