From 973171b8a9280d9ff60bbf2a69d425aa67a4808c Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Mon, 5 Feb 2018 17:41:11 +0100
Subject: [PATCH] unbound: Update version from 1.6.3 to 1.6.8

Am 05.02.2018 um 17:29 schrieb Viktor Dukhovni:
>
> If you're using unbound as your local DNSSEC-validating
> resolver and have enabled DANE, an issue is resolved in
> unbound 1.6.8 where NSEC records for wildcards could be
> misused for invalid denial-of-existence proofs.  See:
>
>    https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
>    https://unbound.net/downloads/CVE-2017-15105.txt
>
> The first article mentions that the same issue affected
> PowerDNS and Dnsmasq.  So if you're using one of those,
> you might also need to update.  While Google's public
> DNS was also affected, this is out of scope for DANE,
> as you get little security from relying on the AD bit
> from remote resolvers.
---
 unbound.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unbound.be0 b/unbound.be0
index db4cc87d2..6c25cb728 100755
--- a/unbound.be0
+++ b/unbound.be0
@@ -1,6 +1,6 @@
 #!/usr/bin/env beesh
 
-# BEE_VERSION unbound-1.6.3-0
+# BEE_VERSION unbound-1.6.8-0
 
 ## this file was created by bee init and should be executed to build a
 ## bee-package. (Additional hints are located at the end of this file.)