-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: riscv64
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-osuosl-03)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch! Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
     This patch adds a limit to the number of headers which can be passed in
     an HTTP request, mitigating a possible DoS due to memory exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.