update: bind

[dongsupark]

Name: bind
CVEs: CVE-2025-13878
CVSSs: 7.5
Action Needed: update to >= 9.18.44

Summary: Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.

See also https://bugzilla.redhat.com/show_bug.cgi?id=2431600, https://seclists.org/oss-sec/2026/q1/98.

Note: we keep this issue separate from #1957, which will be soon fixed by weekly updates flatcar/scripts#3641.

Note: as usual, I do not believe this CVE would affect Flatcar so much, as we do not ship named itself.

refmap.gentoo: TBD