Hi Security Team,
The LTS project would like to keep supporting 'unbound', for which
security support was dropped last May (DSA 4694-1), IIRC due to the
risks of maintaining a version that was not supported upstream anymore.
The plan we identified is to backport buster's versions
(1.9.0-2+deb10uX), along with rebuilding 3 reverse dependencies
(getdns/gnutls28/opendkim) to use the newer libunbound8, which appears
backward-compatible. The version scheme could be 1.9.0-2+deb10uX~deb9uY.
Would you be OK with this plan?
(Adding maintainer Robert Edmonds in Cc: as well, in case we missed a
blocking issue.)
Cheers!
Sylvain Beucler
Debian LTS Team
