References:
https://www.openwall.com/lists/oss-security/2026/05/03/1
https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3

Fix:
https://github.com/kazuho/Starlet/commit/a7d5dfd1862aafa43e5eaca0fdb6acf4cc15b2d0.patch
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=35448
Flags: (none) => affects_mga9+
Status comment: (none) => Patch available from upstream
CVE: (none) => CVE-2026-40561
Source RPM: (none) => perl-Starlet-0.310.0-5.mga10.src.rpm, perl-Starlet-0.310.0-4.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
For Cauldron, I asked for a freeze move.

Suggested advisory:
========================

The updated package fixes a security vulnerability:

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. (CVE-2026-40561)

References:
https://www.openwall.com/lists/oss-security/2026/05/03/1
https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3
========================

Updated package in core/updates_testing:
========================
perl-Starlet-0.310.0-4.1.mga9

from SRPM:
perl-Starlet-0.310.0-4.1.mga9.src.rpm
Status comment: Patch available from upstream => (none)
Flags: affects_mga9+ => (none)
Whiteboard: MGA9TOO => (none)
Source RPM: perl-Starlet-0.310.0-5.mga10.src.rpm, perl-Starlet-0.310.0-4.mga9.src.rpm => perl-Starlet-0.310.0-4.mga9.src.rpm
Version: Cauldron => 9
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
Same remarks as bug 35448, OK on clean install.
Flags: (none) => test_passed_mga9_64+
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2026-0120.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=35485