From nobody Mon Jun 8 18:33:21 2026 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZ0zQ1dftz6gWjT for ; Mon, 08 Jun 2026 18:33:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZ0zQ0PZgz3Q7y for ; Mon, 08 Jun 2026 18:33:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1780943602; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=O38EeAU9ZPkni10+afDGEgUVozSG/4QsFE7p3v7KLt4=; b=lo3SsBrr+cP4jKa3tml1emarbOGALvXtN1Oe0By+6TMgqSTBatUbPC4fouRFaAFoeCWU+v 1vFueqpf5hrX08YIPROFM0sdBY/Es5t3knCPloc+TPiKDptPLU6YppsLATSgMfMM34NW00 jP2MVtrRbOJWRO8AjhFdqA9cpCIDTnh7WIzg4t4YEh2LVKauQKOQiPvH7oYdENScSiT//h pQ3TVZNrI6ba5jwQqSjB/bSbi+HgsoolEm1Q34YefzV/bzRTqnNbXY/4QQ1x2s2exgS4Dq mmhHy1xjKvgQ+NY1VMtd1X/lytIlBcXAzYntKYs1SISSQY8jevWT56JVcVWEtg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1780943602; a=rsa-sha256; cv=none; b=fQf1XpXqrnALt74uDWSDYVhR/ehiaHbeUjXdWcrv+QN5jfLr0iXxc9tMnSADz6dt2I68k2 LUsS9AvQxJwhfPrJT1HQLprK7/UYFzFHse7oBh0NoJWUKuXvKPqOc3V4Cq5oKdinQ4694v uaJP/Rx23CCvC15BiJHYO7HioV1xrhhZmO7hYQ0/0OOGPdfUy7GSnLKJlB0s76b7T5ojOj LPaeJpqTPDmW2B5EfrlJALz1o5DGgAfRRkufbb9bjzmLq/WbwIkmvHIt8MDewCtrT2hbCe f5roaMyi8czxjYs3QIf5z/aStZx1wgRrN8TCONdoHsadogNrMzvo3s/hhIKYaA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1780943602; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=O38EeAU9ZPkni10+afDGEgUVozSG/4QsFE7p3v7KLt4=; b=gjipSpuVgT2SBrzCjgc8gl+VRLEONLbA1lG+TzrDz/VKhqmFLOBKn6nyVdAaE7nwA3tHLY aazsxr17BwDPV1AEAx1qLQjMWxefPfiyy5X5RnIsF26JwGfS60iLdSlt9oQW3jDaY0hlEv rW3q7PXUaWSulHmpW3ccL9c8ntaWUTDOITvgNayRJxLvkZnvUzVkvn+ryaedORzkE085hh Gr4RXW8QHb7SiP9Qe8k50KP7Rl4tJWmUt61snaRwolqi88J+mCkRYoVHH0KExD5uc/kfMY pqjEbz2Ir8JRmQmU4LOmsgpITzCONfz62qfAfjoHjYyzy61HD3B8tVRzlwhqPg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gZ0zP6xtSz10NJ for ; Mon, 08 Jun 2026 18:33:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 384db by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 08 Jun 2026 18:33:21 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: R. Christian McDonald Subject: git: 46134cbeded2 - main - security/vuxml: Document multiple Unbound vulnerabilities List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rcm X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 46134cbeded247b3d0e2077c58257215fe426c27 Auto-Submitted: auto-generated Date: Mon, 08 Jun 2026 18:33:21 +0000 Message-Id: <6a270af1.384db.4955cf33@gitrepo.freebsd.org> The branch main has been updated by rcm: URL: https://cgit.FreeBSD.org/ports/commit/?id=46134cbeded247b3d0e2077c58257215fe426c27 commit 46134cbeded247b3d0e2077c58257215fe426c27 Author: R. Christian McDonald AuthorDate: 2026-06-08 18:28:53 +0000 Commit: R. Christian McDonald CommitDate: 2026-06-08 18:33:18 +0000 security/vuxml: Document multiple Unbound vulnerabilities * CVE-2026-32792 * CVE-2026-33278 * CVE-2026-40622 * CVE-2026-41292 * CVE-2026-42534 * CVE-2026-42923 * CVE-2026-42944 * CVE-2026-42959 * CVE-2026-42960 * CVE-2026-44390 * CVE-2026-44608 References: https://www.nlnetlabs.nl/projects/unbound/security-advisories/ PR: 295442 Sponsored by: Rubicon Communications, LLC ("Netgate") --- security/vuxml/vuln/2026.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index a36d0f8ad807..64b2412d3093 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,61 @@ + + Unbound -- Multiple vulnerabilities + + + unbound + 1.25.1 + + + + +

NLnet Labs reports:

+
+

This release consolidates security fixes for issues reported + over a period of time. There are fixes for:

+
    +
  • CVE-2026-33278: Possible remote code execution during + DNSSEC validation.
    • +
  • CVE-2026-42944: Heap overflow and crash with multiple + nsid, cookie, padding EDNS options.
    • +
  • CVE-2026-42959: Crash during DNSSEC validation of + malicious content.
    • +
  • CVE-2026-32792: Packet of death with DNSCrypt.
    • +
  • CVE-2026-40622: "Ghost domain name" variant.
    • +
  • CVE-2026-41292: Parsing a long list of incoming EDNS + options degrades performance.
    • +
  • CVE-2026-42534: Jostle logic bypass degrades resolution + performance.
    • +
  • CVE-2026-42923: Degradation of service with unbounded + NSEC3 hash calculations.
    • +
  • CVE-2026-42960: Possible cache poisoning attack while + following delegation.
    • +
  • CVE-2026-44390: Unbounded name compression in certain + cases causes degradation of service.
    • +
  • CVE-2026-44608: Use after free and crash in RPZ code.
    • +
+
+ + + + CVE-2026-32792 + CVE-2026-33278 + CVE-2026-40622 + CVE-2026-41292 + CVE-2026-42534 + CVE-2026-42923 + CVE-2026-42944 + CVE-2026-42959 + CVE-2026-42960 + CVE-2026-44390 + CVE-2026-44608 + https://www.nlnetlabs.nl/projects/unbound/security-advisories/ + + + 2026-05-20 + 2026-06-08 + + + strongSwan -- Double-free when destroying certain cloned identities that can lead to remote code execution