Your message dated Thu, 28 May 2026 13:03:15 +0000
with message-id <[email protected]>
and subject line Bug#1137375: fixed in starlette 0.46.1-3+deb13u2
has caused the Debian Bug report #1137375,
regarding starlette: CVE-2026-48710
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1137375: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137375
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: starlette
Version: 1.0.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for starlette.
CVE-2026-48710[0]:
| starlette Ignore malformed Host header when constructing request.url
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-48710
https://www.cve.org/CVERecord?id=CVE-2026-48710
[1] https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
[2] https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
[3]
https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
[4] https://github.com/Kludex/starlette/pull/3279
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: starlette
Source-Version: 0.46.1-3+deb13u2
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
starlette, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated starlette package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 May 2026 17:26:48 +0200
Source: starlette
Architecture: source
Version: 0.46.1-3+deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Piotr Ożarowski <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1137375
Changes:
starlette (0.46.1-3+deb13u2) trixie-security; urgency=medium
.
* CVE-2026-48710 (Closes: #1137375)
Checksums-Sha1:
e7497b163ca41579e4a7d62a26515725ed3c4137 2492 starlette_0.46.1-3+deb13u2.dsc
9b40ecf58e5118bae9fc5b2c0f8f9cef1ade3971 2580102 starlette_0.46.1.orig.tar.gz
3abd9d06043e431589db36f0ca15efeb9f9a24fd 8808
starlette_0.46.1-3+deb13u2.debian.tar.xz
54f0831452702ad72b31c8b07ed724c89f2dd6b7 8039
starlette_0.46.1-3+deb13u2_amd64.buildinfo
Checksums-Sha256:
77defc525737ee47ed8a277d37835d66bc43a48729e2054bddadf4d55683578c 2492
starlette_0.46.1-3+deb13u2.dsc
3c88d58ee4bd1bb807c0d1acb381838afc7752f9ddaec81bbe4383611d833230 2580102
starlette_0.46.1.orig.tar.gz
918dd8ec360165e9bc7414ca44644b37518599688de8ad898c210cc8a0c133b8 8808
starlette_0.46.1-3+deb13u2.debian.tar.xz
769b1b1f04ef0f81ad52738dddd0cb46bf7be4a6fb1d544c4dec10beb9f21565 8039
starlette_0.46.1-3+deb13u2_amd64.buildinfo
Files:
920c64b489bec16389fb904e5ec1bfca 2492 python optional
starlette_0.46.1-3+deb13u2.dsc
01d82f7d2cc4509628ee4a97e8618c5e 2580102 python optional
starlette_0.46.1.orig.tar.gz
28b67275dd5fbc8247203b01a13103a2 8808 python optional
starlette_0.46.1-3+deb13u2.debian.tar.xz
c176f19da272b0174a145c864700389b 8039 python optional
starlette_0.46.1-3+deb13u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoWDEwACgkQEMKTtsN8
TjZX0hAApVomdu6rvVZwYhJyBXxYEgVMmgM79Ky4x5qlp3oa8NiRiXmRiADWqyNb
MaAUNo3i2bmqK23TxAgO/l0WV5LAELOb7V1LWRuyDRFfBMOm3ikIzLpafD0XKR8c
v8E0MhxXQyo1YyL7UqEXEZLY3PQ+xUci4gsjPlqCeugA3chP5xA096jxvk9PNVSQ
x/xtJ0GwSZqASI9PB8eXOaab++R4XScOzGLrk/LuplFdnOiCbkLtKpCMjE8+Lr2J
PgR4xOqs3QNgXtvbYDwaI4phs7VOu9V08W8LRDJgAqSJdgfHIVqxKLgtsy5cJcij
bTsuNkP8uS7fVaKx73sFeViMhnMtSc5AOVFQi2qs0Z9Uw1Zea8ScsuZ95PyyUEsq
pwA1KNfz9aj45wudwdv8Elt9+ywsyBiYiSVXkLVceY32t0g5Q8UuSZNFyE66rJnm
9IZ/Ag+1Xm6i9BUov8uDzZj73N2ezCM4L+0fIlGXvMqHrqO85iSvWMdNTbCXOlMC
bdSc59oaCK8uf71YY3AYRDmDjsiCDDQKXdzo8r+Jr2vULnmEGed7LAJDN5oH9ve/
QhtE58R9P/+ZSjGECciWx8xKbZgXFHXytdfp+x/du1+x1Gu6s3zf5OPSr0TODuNA
2w4e7qamOmaRDLOBmV4m55wZTULxYqofv/VpJv4PMOWKF9oJziQ=
=QSkQ
-----END PGP SIGNATURE-----
pgpXfiTV6_eoW.pgp
Description: PGP signature
--- End Message ---
