-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 20 May 2026 12:35:53 +0200 Source: bind9 Architecture: source Version: 1:9.18.49-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian DNS Team Changed-By: Ondřej Surý Changes: bind9 (1:9.18.49-1~deb12u1) bookworm-security; urgency=high . * New upstream version 9.18.49 + [CVE-2026-3592]: Limit resolver server list size. + [CVE-2026-3039]: Fix GSS-API resource leak. + [CVE-2026-5946]: Disable recursion, UPDATE, and NOTIFY for non-IN views. + [CVE-2026-5950]: Avoid unbounded recursion loop. Checksums-Sha1: 5488f6170d3c7e9750b71f0f82bc76dcaebf6fc9 3325 bind9_9.18.49-1~deb12u1.dsc 76b97204dfa8fc02526b9d67b5e89e4dc8a600db 5476288 bind9_9.18.49.orig.tar.xz c2bede70d7e9b074fb26a1ab7379cbd006597ecc 833 bind9_9.18.49.orig.tar.xz.asc c0ce059c77d391689a6db01a87df69df54d31765 61820 bind9_9.18.49-1~deb12u1.debian.tar.xz 01e82ccbf223b99606f90e24ab4d9a59f4844d92 15929 bind9_9.18.49-1~deb12u1_amd64.buildinfo Checksums-Sha256: c59dc8fc73c0d2146ed0135ba56d87840d067a474d4dd5e1b85b1be2e4ad926f 3325 bind9_9.18.49-1~deb12u1.dsc c43ce4548ebed788cd9df63658a7de105ceafba43fcd63fa352b1093e525cd24 5476288 bind9_9.18.49.orig.tar.xz 6b92ce3f446389b630b78b3f57c7c1279cc26f662fe5b2f4da318d0144d998a8 833 bind9_9.18.49.orig.tar.xz.asc f834525b4dc2678d3c6f8b556c6f84216084bafccb9bf04281b802433a96fb10 61820 bind9_9.18.49-1~deb12u1.debian.tar.xz d69ed75c651c90d27ca76ea3c5e638665e1fe5c7b8b75b412985cc79076a9024 15929 bind9_9.18.49-1~deb12u1_amd64.buildinfo Files: f4abefb71f073c5a45965e1bd11f9137 3325 net optional bind9_9.18.49-1~deb12u1.dsc 1440019616b56a6e32c8f6b52bd07583 5476288 net optional bind9_9.18.49.orig.tar.xz 19dc764f9a132a91ce95162f40cf272b 833 net optional bind9_9.18.49.orig.tar.xz.asc d920512a0c2023f1527ced3f5d9daeb4 61820 net optional bind9_9.18.49-1~deb12u1.debian.tar.xz 9f2b78ab96b70a679a0ef345806e13d2 15929 net optional bind9_9.18.49-1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmoNj7xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcIh2w//aCeeWluIS2qaUQF/sP+KjarotxlPyPLNir1RdyvtJDFKU9rGLkwuRd13 xS5/TmcrFKFQbHzwY2zyejVzEKukk6Yl93VfkqCbcfqEJ30AvgR5M598p4wnl1eG EyP8fLcd2xV1UvEWnYUqUnnZKWL0vNEhbGcFmnU8cDL9tNzaVkc4w8zkiUz6gqxY yQyTtLfgTPJIRAKwW6q/7IBDUWSeCb+3FKAZhOE0pnjxqBOBjjN4hySXWdbhipJ4 oES6W0vGZvuLPcYIJLlA/Ir7Q++Z8pSI+lT7X0bS8o6lqWCbsCEk9yj9rsVL3IXw QeFAnhBAMJM6D5adBXcDu+eqrhzgbpRswXJAg6ARLJedxROVSNRWIcT/FfsSz013 EGzdUg7ih5v/MK7xVacnrGZSjzZXAGzs9S0f4Ql77oVhVid6SphpjW+sm6pJQ1QQ axQB0BaoKSJI27uI0ylhVp3Ryg04Kb1gbm/zY+ij9s9B+q7hMO17pq3lRE+Tn7Qk jmG4PaHIctq117gLk64SlYa75Gs4b+H6WMGIN5YKCYLdwhhCKI6sIPxFWAJ8H4E3 QYxaox6uDmVHe78COUnyqvPa/X1Yf7MWb6laUBYYZCJyI6VyljtbPJmdYSZHkl1Z 6xNtR8mOTAR/YrSPev8F9ac1ja7JDrvkL4RxL8WSDx+6+YCK4vE= =5KxX -----END PGP SIGNATURE-----