Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Control: affects -1 + src:starman User: [email protected] Usertags: pu
Hi starman in trixie was prone to CVE-2026-40560 and got fixed for forky with a new upstream version 0.4018. The only changes between 0.4017 as in trixie and the fixed version was the security fix *and* some documentation fixes. So we opted to just import 0.4018 in trixie as well. | * Import upstream version 0.4018. | - Fix HTTP request smuggling: Transfer-Encoding now takes precedence | over Content-Length per RFC 7230 ยง3.3.3 (CVE-2026-40560) | Closes: #1135229 Upload was tested on debusine under: https://debusine.debian.net/debian/developers/work-request/904801/ Regards, Salvatore

