-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 22 May 2026 13:26:42 -0300
Source: starlette
Binary: python3-starlette
Architecture: all
Version: 0.26.1-1+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Matheus Polkorny <mpolkorny@gmail.com>
Description:
 python3-starlette - ASGI library ideal for building high performance asyncio services
Closes: 1085295 1109805 1137375
Changes:
 starlette (0.26.1-1+deb12u1) bookworm-security; urgency=medium
 .
   * Team upload.
   * d/gbp.conf: Update to Bookworm
   * d/patches: (Closes: #1085295, #1109805, #1137375)
     - CVE-2023-29159: Import upstream patch
       (directory traversal vulnerability in StaticFiles)
     - CVE-2024-47874: Import and backport upstream patch
       (DoS via unlimited multipart/form-data field buffering)
     - CVE-2025-54121: Import and backport upstream patch
       (event loop blocking on large multipart uploads to disk)
     - CVE-2026-48710: Import and backport upstream patch
       (Ignore malformed Host when constructing request.url)
Checksums-Sha1:
 27fe6144b09c18a584bd81c6e9c43db27e2ae4c7 49316 python3-starlette_0.26.1-1+deb12u1_all.deb
 c78e4caee65b6f6c3f69bd911157e1a4144a36ac 8320 starlette_0.26.1-1+deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 1d7313b71a127ab559305678c56753af317785da232654a65186c8c90c3b2c15 49316 python3-starlette_0.26.1-1+deb12u1_all.deb
 90870ffc738da6310722269eb0dab715bfea473d8dfc845e15c2e6140aeb5bd3 8320 starlette_0.26.1-1+deb12u1_all-buildd.buildinfo
Files:
 ab707247159357440b62353f653e81c6 49316 python optional python3-starlette_0.26.1-1+deb12u1_all.deb
 ba73a56c3130837f7b5dc7ea910ab0d6 8320 python optional starlette_0.26.1-1+deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmoVx0wACgkQaBVi67oX
tfn7Dg//awdA77DR5/7fSbWOBEKKMDtMqy0Yqc9EIQycOQmFeBkT8Wt6fWwP+8sA
CL8+QAOtUneaaOb6K5n5RAq1ghpJ+nLlUv56+eQamN4zDzheyGb0UL/MQMqe/BHa
dT4qh3MjY0b673nvrEDCVE+6OSrPUVy9eODFsa6r1FcdHr2MEjYZZfmIyCeC3VyI
rVsEgUFibb3lk3mkQg2fb9cn/VRKE70dxYivZz0lL6kqaLjMIFfIlbsyRbY1ROgZ
DwFvtchNsIviYiYkJi1K2ncgNusb3fLZ//6YIZIyqJB6Fm8J0CWmiRoPPPj3GZAM
sUeGfFpfgE3Z2Bwfn04fyTsgY0QfECryN2RO/r9U9/GuYSlztZal3roPXjXaxujC
Fj9fuMSGdPyFTmzHBwE2VGOG9oN6/YhhdxlEVWV383Dm6zZxloS3uZwxs1e8qG/P
m4LH6OwONZcnEOp4twcb65C88H21a4MIouBeK8JWiXKBVkW4yhstfxGPhFA5ANQ5
Wz6ZqvxhZCJjZk3omMnIgxGIEwBRV7JZ9Y9+X9/ECD5pvNUqVedYTpAn8JoehAZC
7WTYg3kiO5z7jTTtw0yQGCILLtB9i/jf5GKpUQf9DwsK1A0H5GOxLF9H8CFx5F2O
omy00J+FbTBqx+j78GLCILvLlw93WZwsVG1MYcJksPBEAjJblY4=
=TGG5
-----END PGP SIGNATURE-----