Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "starlette":

 * Package name     : starlette
   Version          : 0.46.1-3+deb13u1
   Upstream contact : Tom Christie <[email protected]>
 * URL              : https://www.starlette.io/
 * License          : BSD-3-clause
 * Vcs              : https://salsa.debian.org/python-team/packages/starlette
   Section          : python

The source builds the following binary packages:

  python3-starlette - ASGI library ideal for building high performance asyncio services

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/starlette/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/s/starlette/starlette_0.46.1-3+deb13u1.dsc

Changes since the last upload:

 starlette (0.46.1-3+deb13u1) trixie; urgency=medium
 .
   * Team upload.
   * d/p/CVE-2025-62727.patch: Import Upstream patch to fix CVE-2025-62727
     - An unauthenticated attacker can send a crafted HTTP Range header
       that triggers quadratic-time processing in Starlette's FileResponse
       Range parsing/merging logic. This enables CPU exhaustion per request,
       causing denial‑of‑service for endpoints serving files
   * d/changelog: Fix 0.46.1-3 changelog entry

Regards,
-- 
Polkorny
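
Added example, not part of the original message and not the upstream patch or Starlette's code: a Range header parser that avoids the quadratic merge cost described in the changelog by bounding the number of ranges and merging after a single sort. The names `parse_range_header` and `MAX_RANGES`, and the limit of 16, are assumptions made for illustration.

```python
import re

MAX_RANGES = 16  # assumed policy limit, not a value taken from Starlette

# Digit runs are length-bounded so int() never sees an oversized number.
_SPEC = re.compile(r"^(\d{0,19})-(\d{0,19})$")


def parse_range_header(value: str, file_size: int) -> list[tuple[int, int]]:
    """Return merged, sorted (start, end_exclusive) byte ranges for a file."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("unsupported range unit")
    # Bounded split: at most MAX_RANGES + 1 pieces are ever created,
    # however many commas the client sent.
    parts = specs.split(",", MAX_RANGES)
    if len(parts) > MAX_RANGES:
        raise ValueError("too many ranges")
    ranges = []
    for part in parts:
        m = _SPEC.match(part.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError("malformed range")
        first, last = m.group(1), m.group(2)
        if first == "":  # suffix form "-N": the last N bytes
            start, end = max(file_size - int(last), 0), file_size
        else:
            start = int(first)
            end = min(int(last) + 1, file_size) if last else file_size
        if start < end:  # drop inverted or unsatisfiable ranges
            ranges.append((start, end))
    if not ranges:
        raise ValueError("no satisfiable range")
    # One sort plus one linear pass: O(n log n) with n <= MAX_RANGES,
    # instead of comparing every range against every other range.
    ranges.sort()
    merged = [ranges[0]]
    for start, end in ranges[1:]:
        prev_start, prev_end = merged[-1]
        if start <= prev_end:  # overlapping or adjacent: extend the last range
            merged[-1] = (prev_start, max(prev_end, end))
        else:
            merged.append((start, end))
    return merged
```

A caller would answer a `ValueError` with 416 Range Not Satisfiable, or ignore the header and send the whole file.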
