Your message dated Thu, 28 May 2026 11:41:10 +0000
with message-id <[email protected]>
and subject line Bug#1137375: fixed in starlette 1.1.0-1
has caused the Debian Bug report #1137375,
regarding starlette: CVE-2026-48710
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1137375: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137375
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: starlette
Version: 1.0.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for starlette.
CVE-2026-48710[0]:
| starlette Ignore malformed Host header when constructing request.url
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-48710
https://www.cve.org/CVERecord?id=CVE-2026-48710
[1] https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
[2] https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
[3]
https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
[4] https://github.com/Kludex/starlette/pull/3279
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: starlette
Source-Version: 1.1.0-1
Done: Bastian Germann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
starlette, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated starlette package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 May 2026 13:00:46 +0200
Source: starlette
Architecture: source
Version: 1.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 1137375
Changes:
starlette (1.1.0-1) unstable; urgency=medium
.
* Team upload
* New upstream version 1.1.0 (Closes: #1137375, CVE-2026-48710)
Checksums-Sha1:
069a831235d30f849478a535c8d54905c4d62572 2343 starlette_1.1.0-1.dsc
43643f819056d27d0b4ab5edddd7a78652861912 2658703 starlette_1.1.0.orig.tar.gz
5201735186ddf18b89465358a796de1cf1b2acec 5296 starlette_1.1.0-1.debian.tar.xz
526a2ee1df223746bd011cf08e2aedd9c078f1ce 7892
starlette_1.1.0-1_source.buildinfo
Checksums-Sha256:
374890208f6a9b273fc17ccf6a8c6d28cc4f0ee7626faa0ff62a530ad38ebc06 2343
starlette_1.1.0-1.dsc
9405f445df1a8bdb6de3e468ddba70e4a9f65b100909f192773bbef14939dc12 2658703
starlette_1.1.0.orig.tar.gz
3e80adf901b9cc960427fb96b04d035ccb39bc31689fca0d3964c3237042bbe2 5296
starlette_1.1.0-1.debian.tar.xz
d4c2d2bc87d5e6ceef72f34905a8d427b5670c2d16802da487a64be9f7817d72 7892
starlette_1.1.0-1_source.buildinfo
Files:
aab14978b4d627b686024bd274ce9b60 2343 python optional starlette_1.1.0-1.dsc
f7340f64675cc0d52e2b813b44dbf87d 2658703 python optional
starlette_1.1.0.orig.tar.gz
12cadfdd2597e834ff25a3bd1e441a63 5296 python optional
starlette_1.1.0-1.debian.tar.xz
562aaab0975ddfee6844e0c13e97e109 7892 python optional
starlette_1.1.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmoYIjwQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFAqnC/49jDxyHB/44GQe1dBFFE3r6vdM4MWVtopj
GDI+TcrPC53UY3gcWFYc7FXbaQFMtrf5aNkaGfy/Cl/44nBdA29ZnkgNTLZPVEDg
hefUCj4ykn6kzfRGgMQQJss1qaYFw+VjXszX+TqujKmJkzAMNew/3f1h/kzHvZeX
JsxGDT8xL3bad0Wr1qf704qONzRVodeJ+HHX7nrmAFXmZshVIpkTork/HvzklXk8
PYE/KPYxyK5S0vMTK9YWSEl0YUqrgPoz2/SAP/sJMtl7lLoffPLsgpaH8lixwpir
V6WahJRvM0m44tcl6ht4VxBzCs8pZ6AIgQmoivP5vTdNUUjZyTX0SafqKs1jE8mu
+6NLQI28MdjKieZvr39vz9PSqZVK7BTKkxK/9803wBpyV5p4M9R8x7a+lJ1peGIq
SXJzd6Op6lB5GAtjAlJY6NMUmy+s2tOxQwHR86jnOnLW4D6qrGfsFFKqaJ9BcoCO
BUhSGbOLLhbAGV1N1Fsgz1L0W67yEhg=
=uEzi
-----END PGP SIGNATURE-----
pgpPvQDLA2snK.pgp
Description: PGP signature
--- End Message ---
