Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: armhf
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch!
     Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
     This patch adds a limit to the number of headers which can be passed
     in an HTTP request, mitigating a possible DoS due to memory exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.