On 26 Nov 2025, at 14:47, Shawn Webb wrote:
> On Wed, Nov 26, 2025 at 03:58:13PM +0000, Gordon Tetlow wrote:
>> The branch main has been updated by gordon:
>>
>> URL:
>> https://cgit.FreeBSD.org/src/commit/?id=2a3a6a1771148a709c2d9694c1d66c41ce8dee79
>>
>> commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79
>> Author: Gordon Tetlow <[email protected]>
>> AuthorDate: 2025-11-21 21:24:58 +0000
>> Commit: Gordon Tetlow <[email protected]>
>> CommitDate: 2025-11-26 15:57:33 +0000
>>
>> Mitigate YXDOMAIN and nodata non-referral answer poisoning.
>>
>> Add a fix to apply scrubbing of unsolicited NS RRSets (and their
>> respective address records) for YXDOMAIN and nodata non-referral
>> answers. This prevents a malicious actor from exploiting a possible
>> cache poison attack.
>>
>> Obtained from: NLnet Labs
>> Security: CVE-2025-11411
>
> Hey Gordon,
>
> Do you know if this fix was the incomplete one from Unbound 1.24.1? Or
> does this include the additional fix that landed in 1.24.2 earlier
> today?

FreeBSD main, stable/15, and releng/15.0 already had 1.24.1. Those branches received the supplemental patch from 1.24.2 that was released today (which is what this commit is).

FreeBSD stable/14, releng/14.3, stable/13, and releng/13.5 all received the minimal patch provided by the vendor that contained both the original 1.24.1 fix and today’s 1.24.2 fix.

Best,
Gordon
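
The scrubbing described in the quoted commit message, shown as an added example; it is not code from Unbound, NLnet Labs or the FreeBSD commit. The dict-based message layout, the function names, and the use of an SOA in the authority section to tell a nodata answer from a referral are assumptions of this example.

```python
# Added illustration, not Unbound or FreeBSD source. The dict-based message
# layout and all function names are assumptions made for this example.
NOERROR, YXDOMAIN = 0, 6            # DNS RCODE values
ADDRESS_TYPES = {"A", "AAAA"}

def is_nodata_non_referral(msg):
    """NOERROR with an empty answer section and an SOA in authority.
    A referral also has an empty answer but carries NS and no SOA."""
    has_soa = any(r["type"] == "SOA" for r in msg["authority"])
    return msg["rcode"] == NOERROR and not msg["answer"] and has_soa

def scrub_unsolicited_ns(msg):
    """Drop NS RRsets and the address records of their targets from
    YXDOMAIN and nodata non-referral replies; return other replies as-is."""
    if msg["rcode"] != YXDOMAIN and not is_nodata_non_referral(msg):
        return msg
    # Names the NS records point at; their A/AAAA records go too.
    targets = {r["rdata"].lower() for r in msg["authority"] if r["type"] == "NS"}
    authority = [r for r in msg["authority"] if r["type"] != "NS"]
    additional = [r for r in msg["additional"]
                  if not (r["type"] in ADDRESS_TYPES and r["name"].lower() in targets)]
    return {**msg, "authority": authority, "additional": additional}

def make_rr(name, rtype, rdata):
    return {"name": name, "type": rtype, "rdata": rdata}

# Constructed sample: a nodata reply carrying an NS RRset nobody asked for.
SAMPLE_NODATA = {
    "rcode": NOERROR,
    "answer": [],
    "authority": [
        make_rr("example.test.", "SOA",
                "ns0.example.test. hostmaster.example.test. 1 3600 600 86400 300"),
        make_rr("example.test.", "NS", "ns.other.test."),
    ],
    "additional": [
        make_rr("ns.other.test.", "A", "192.0.2.53"),
        make_rr("unrelated.test.", "A", "192.0.2.1"),
    ],
}

if __name__ == "__main__":
    cleaned = scrub_unsolicited_ns(SAMPLE_NODATA)
    print([r["type"] for r in cleaned["authority"]])
    print([r["name"] for r in cleaned["additional"]])
```
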
