git.ipfire.org Git - thirdparty/unbound.git/tag
release-1.23.1
object 5bf82f246481098a6473f296b21fc1229d276c0f
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 16 Jul 2025 08:18:50 +0000 (10:18 +0200)
Unbound 1.23.1

This security release fixes the Rebirthday Attack CVE-2025-5994.

This re-opens up resolvers to a birthday paradox, for EDNS client subnet
servers that respond with non-ECS answers. It only affects Unbound when
compiled with --enable-subnet, and subnetmod is enabled with config
options that send ECS information to upstream servers.

The CVE is described here
https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt

We would like to thank Xiang Li (AOSP Lab, Nankai University) for
discovering and responsibly disclosing the vulnerability.

Bug Fixes:
- Fix RebirthDay Attack CVE-2025-5994, reported by Xiang Li from
  AOSP Lab Nankai University.