Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: amd64
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch!
     Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory
     leak).
     This patch adds a limit to the number of headers which can be passed
     in an HTTP request, mitigating a possible DoS due to memory
     exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.