Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: ppc64el
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch! Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
     This patch adds a limit to the number of headers which can be passed in
     an HTTP request, mitigating a possible DoS due to memory exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.