Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: s390x
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch!
     Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
     This patch adds a limit to the number of headers which can be passed in
     an HTTP request, mitigating a possible DoS due to memory exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.