Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: arm64
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch! Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
     This patch adds a limit to the number of headers which can be passed in
     an HTTP request, mitigating a possible DoS due to memory exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.