New unbound for Debian available [1.10.1]

Nothing do with Pi-hole; just a place to talk about other stuff.


Bug Fixes:

  • CVE-2020-12662 Unbound can be tricked into amplifying an incoming
    query into a large number of queries directed to a target.
  • CVE-2020-12663 Malformed answers from upstream name servers can be
    used to make Unbound unresponsive.


Thanks mibere and I saw that closed topic. I wanted to share that the package is now available directly for Debian and so no compiling is needed.

This was a really fast release in Debian.

It is only available in Sid though - which is classified as unstable.
Bullseye is in testing (and is the next one after Buster) and has version 1.10.0 within its packages.
Buster (the current release) has version 1.9.0

In a few day it mostly is also available Bullseye. If you sort out the dependencies you can install it also. In my case it running on Jessie which took a lot of work in several updates in time.

Unbound is now also in Bullseye (testing).

The stable version of Unbound in Debian had also it's security patch:

1 Like