Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected], 
[email protected], [email protected], [email protected], [email protected]
Control: affects -1 + src:starman
User: [email protected]
Usertags: pu

Hi

starman in trixie was prone to CVE-2026-40560 and got fixed for forky
with a new upstream version 0.4018. The only changes between 0.4017 as
in trixie and the fixed version was the security fix *and* some
documentation fixes. So we opted to just import 0.4018 in trixie as
well.

|  * Import upstream version 0.4018.
|    - Fix HTTP request smuggling: Transfer-Encoding now takes precedence
|      over Content-Length per RFC 7230 ยง3.3.3 (CVE-2026-40560)
|    Closes: #1135229

Upload was tested on debusine under:
https://debusine.debian.net/debian/developers/work-request/904801/

Regards,
Salvatore

Reply via email to