-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: armel
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch!
     Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory
     leak).
     This patch adds a limit to the number of headers which can be passed
     in an HTTP request, mitigating a possible DoS due to memory
     exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.