-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 20 May 2026 12:21:44 +0200 Source: bind9 Architecture: source Version: 1:9.20.23-1~deb13u1 Distribution: trixie-security Urgency: high Maintainer: Debian DNS Team Changed-By: Ondřej Surý Changes: bind9 (1:9.20.23-1~deb13u1) trixie-security; urgency=high . * New upstream version 9.20.23 + [CVE-2026-3592]: Limit resolver server list size. + [CVE-2026-3039]: Fix GSS-API resource leak. + [CVE-2026-5946]: Disable recursion, UPDATE, and NOTIFY for non-IN views. + [CVE-2026-5950]: Avoid unbounded recursion loop. + [CVE-2026-5947]: Fix crash in resolver when SIG(0)-signed responses are received under load. + [CVE-2026-3593]: Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS frames. Checksums-Sha1: cc286de1816cbb75f4dce7cee0497d4a93d6e6ea 3197 bind9_9.20.23-1~deb13u1.dsc 8689881a59644ce236cabe885c6a4c04544eac50 5837532 bind9_9.20.23.orig.tar.xz 7c309a6bdc3e90ed99e0099d3b6de1ec56451e2d 833 bind9_9.20.23.orig.tar.xz.asc c5356301d5c06817494a6081ba2cd1cf975d4c97 62240 bind9_9.20.23-1~deb13u1.debian.tar.xz 04a8e4350791328201d331a190919cf1faf0d8b4 14908 bind9_9.20.23-1~deb13u1_amd64.buildinfo Checksums-Sha256: 96fd588129489993b5f32b1e96f2787797f978950d4aa00d1ad7370e3c642eb0 3197 bind9_9.20.23-1~deb13u1.dsc 5d4475aed3f9e500ef554b2b14d972bdb83d33de214a9b3be92918ea46908371 5837532 bind9_9.20.23.orig.tar.xz db7a5ba95b4c313014b182638c050f28fc081f5bbf7ac0ba2a88306fec33ee24 833 bind9_9.20.23.orig.tar.xz.asc ab489983e983608b4afc9469cd6a862dac863d0634ca8e521532d29d9646e8b0 62240 bind9_9.20.23-1~deb13u1.debian.tar.xz 879e5726a89a6de52564ab4e07f24e61457d812477de8630dd089d45b28f04c0 14908 bind9_9.20.23-1~deb13u1_amd64.buildinfo Files: 9f98d4cb375af9fd3f519ce16e658ae9 3197 net optional bind9_9.20.23-1~deb13u1.dsc cd1b3abd06b03b2db33a9a843e8cbab1 5837532 net optional bind9_9.20.23.orig.tar.xz ffa65fa1cdca09f823e463deecfaeb54 833 net optional bind9_9.20.23.orig.tar.xz.asc b0288413abe07b62917d34f9ad0bc742 62240 net optional bind9_9.20.23-1~deb13u1.debian.tar.xz f66376153f53ceb359f003f201435ef7 14908 net optional bind9_9.20.23-1~deb13u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmoNjmBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcLKFw/+PcJbToMm/mtID2BCtUFvKIgTIQH62TzDn3ARypQyMmUP2r0uOl+sWbu/ kjmW5xvr4GsqgUWeovjwAXjDySCFAaZU0kNBzNQK6zNlv0BuKaGR+RoWkZIdO4gx mJaFfiA+6NwLWugK6BGTPBK2NFyM59lYBgri/w7UMl/uM3FsLXG6ui4Zw39i3oAm 9D42NMbA61UfqAzJHFgFC3Pyf0gSDBLEd+/XdmJBbv9wcBxIWt0Ec0J3FtoMEIUe k74HC0G21v0bl3ETO6cxtygkbqOKwBRicn0rQ7W/YuqDr4iDxpVsPB2YQwG8drNJ hEpJaBCxYrmMsCoKD1bbebtNezmBDha4SjILHNWqU5sTqTK/7ejXnOPQbfaxLMBY urk4yboqpJ4rF8I9aytbpdWhw+lE4Cg+oCD25+JqzVFnEQwq6dN6BEBWGS6gl3kH nz+WgEOas4iH6hMb2rPKL0QYFiUi+k/K7WaMuShXW5ezQx1zjhQntGVATg5ZVWzd lhbtAiXJtmvg2+TuufQtSZxu4r+YZKNiNkxvXvCioVPF5pAJjBtGnXma+juKisbj aO7X2wI4bWoCQBAxQcoRYvQKaSKRUJhXN975Moso8+WbuN0dJekfJ5iqurBmkh8t VqseMvSlYzHcHR0N/rdqwPsRgfOjSSxkR7BTT1h7DJb1mGsEkBA= =6TNq -----END PGP SIGNATURE-----