From nobody Thu Mar 28 18:28:31 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V5BtT5Kvxz5GSjP for ; Thu, 28 Mar 2024 18:30:41 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from pv50p00im-ztdg10011301.me.com (pv50p00im-ztdg10011301.me.com [17.58.6.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4V5BtT2G75z4HR8 for ; Thu, 28 Mar 2024 18:30:41 +0000 (UTC) (envelope-from gordon@tetlows.org) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetlows.org; s=sig1; t=1711650639; bh=T/eYvwrE1JXV6k/DtsKPaYE9JygOsOQXhA5anCYdPLA=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=ggQfPAZAa43yZcEIOXYGTqcPuAyKzrGpXyOypvSrOHltnD14Nb75t/m5EQ0a/i1fD er+gVCkwMHHK5a4THttR+KggAAs5jRRkPlY6SN136oHQFBai7qjVZvNORW99kFcPpS WvzK6f9+LQA9BoPawyyiSWSNcEwPjfb6FaFuz0b6sLxggr5Nlbp/ynk4uHKYYVjSeX O19FoUqBoadH53+zDMqBy3xMRImSRQWwwj3SYBXTf8AEOFvmdy6jSZr0XAsnh3AD09 t0Mm0Hfx4k94aeQX/peuSGWDxbn9SXVvlMCrYhVKOWoYXA0WUvePM8anKkbjff7YDR iV1sUwCcMaYxg== Received: from smtpclient.apple (pv50p00im-dlb-asmtp-mailmevip.me.com [17.56.9.10]) by pv50p00im-ztdg10011301.me.com (Postfix) with ESMTPSA id 6F5C8180314; Thu, 28 Mar 2024 18:30:38 +0000 (UTC) Content-Type: text/plain; charset=utf-8 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\)) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-24:03.unbound From: Gordon Tetlow In-Reply-To: Date: Thu, 28 Mar 2024 11:28:31 -0700 Cc: freebsd-security@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <78C04BB8-0A32-4DD6-9BAD-027D5C086272@tetlows.org> References: <20240328075102.10441343C@freefall.freebsd.org> To: DutchDaemon - FreeBSD Forums Administrator X-Mailer: Apple Mail (2.3774.400.31) X-Proofpoint-ORIG-GUID: gvLG39UdhC-UQaKxoJxvPi4U1fLeLnkb X-Proofpoint-GUID: gvLG39UdhC-UQaKxoJxvPi4U1fLeLnkb X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-28_17,2024-03-28_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 mlxlogscore=793 suspectscore=0 bulkscore=0 mlxscore=0 adultscore=0 clxscore=1030 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2403280129 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:714, ipnet:17.58.0.0/20, country:US] X-Rspamd-Queue-Id: 4V5BtT2G75z4HR8 Per FreshPorts, the dns/unbound port was fixed on 14 Feb 2024 when it = was upgraded to 1.19.1. Best, Gordon > On Mar 28, 2024, at 2:25=E2=80=AFAM, DutchDaemon - FreeBSD Forums = Administrator wrote: >=20 > On 28-3-2024 08:51, FreeBSD Security Advisories wrote: >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D >> FreeBSD-SA-24:03.unbound Security Advisory >> The FreeBSD = Project >>=20 >> Topic: Multiple vulnerabilities in unbound >>=20 >> Category: contrib >> Module: unbound >> Announced: 2024-03-28 >> Affects: FreeBSD 13.2 and FreeBSD 14.0 >> Corrected: 2024-02-17 13:45:44 UTC (stable/14, 14.0-STABLE) >> 2024-03-28 05:06:26 UTC (releng/14.0, = 14.0-RELEASE-p6) >> 2024-02-17 13:45:44 UTC (stable/13, 13.2-STABLE) >> 2024-03-28 05:07:55 UTC (releng/13.2, = 13.2-RELEASE-p11) >> CVE Name: CVE-2023-50387, CVE-2023-50868 >=20 >=20 > What is the status of the dns/unbound port? >=20