-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Architecture: source
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Andrea Pappacoda <tachi@debian.org>
Changed-By: Andrea Pappacoda <tachi@debian.org>
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch!
     Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
     This patch adds a limit to the number of headers which
     can be passed in an HTTP request, mitigating a possible DoS due to memory
     exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.
Files:
 cd1792eb1dd75e38636e2bbc9d2780b2 1693 libs optional cpp-httplib_0.18.7-1+deb13u1.dsc
 7ee1bd75a6f21d29bea39e42cf574db4 711948 libs optional cpp-httplib_0.18.7.orig.tar.xz
 2ac30772330f58321fe70157d339c2e8 11060 libs optional cpp-httplib_0.18.7-1+deb13u1.debian.tar.xz
 a669bb4842f51985fb922cba120aadab 4814 libs optional cpp-httplib_0.18.7-1+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
