-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 16 Aug 2025 20:27:58 +0200
Binary: libcpp-httplib0.25 libcpp-httplib0.25-dbgsym libcpp-httplib-dev
Source: cpp-httplib
Architecture: amd64 source
Version: 0.25.0+ds-1
Distribution: experimental
Urgency: medium
Maintainer: Andrea Pappacoda <tachi@debian.org>
Changed-By: Andrea Pappacoda <tachi@debian.org>
Closes: 1109340
Description:
libcpp-httplib0.25 - C++ HTTP/HTTPS server and client library
libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
Changes:
cpp-httplib (0.25.0+ds-1) experimental; urgency=medium
.
* Update to new upstream version 0.25.0+ds.
.
* Fix numerous CVEs (Closes: #1109340):
- CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
Version 0.22.0 adds a limit to the number of headers which can be passed
in an HTTP request, mitigating a possible DoS due to memory exhaustion.
.
- CVE-2025-53628 (HTTP Header Smuggling due to insecure trailers merge).
Version 0.23.0 changes the way HTTP trailer fields are handled so to
avoid an attacker to modify headers with prohibited trailers.
.
- CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
Version 0.23.0 complements the fix for CVE-2025-46728, actually solving
memory exhaustion attacks via chucked HTTP requests.
.
* d/control: libcpp-httplib0.20 -> libcpp-httplib0.25
* d/changelog: mention CVE-2025-46728 in 0.20.1+ds-1 changelog entry.
* d/rules: remove redundant file copy
Checksums-Sha1:
6905159ff473439ec66271f635e87e4bc86d3c8c 1824 cpp-httplib_0.25.0+ds-1.dsc
1aef4bc01d005cf9550923850051e4eb597d2588 737100 cpp-httplib_0.25.0+ds.orig.tar.xz
19eebbbae9457fd85f3072a88a19477d679867d4 5872 cpp-httplib_0.25.0+ds-1.debian.tar.xz
8e4045d131a9f0818ea67922b07014fd8a80d74a 8076 cpp-httplib_0.25.0+ds-1_amd64.buildinfo
67455f2873e9d13bf6832f69ace3e0384de39626 21320 libcpp-httplib-dev_0.25.0+ds-1_amd64.deb
f50db04cd7666fbf40e3f34dc50bcd45d0e7fd08 2565820 libcpp-httplib0.25-dbgsym_0.25.0+ds-1_amd64.deb
72e12e0cc867615ca0d4b3af036b59b617ad2879 225548 libcpp-httplib0.25_0.25.0+ds-1_amd64.deb
Checksums-Sha256:
6c1a147bd6a6041ee3b992d95f75ac74e4ad7459ea350e19e8bc7acd57d6a9e0 1824 cpp-httplib_0.25.0+ds-1.dsc
cd92a04dac06907c3ba983a8bac29ebc252b790b4c33aafb1b33ffb0a56470ec 737100 cpp-httplib_0.25.0+ds.orig.tar.xz
cc3b930c6a4d58e7dcdae2f99eec2fb6e00b5d2e07b818b71a303c5d329b5e46 5872 cpp-httplib_0.25.0+ds-1.debian.tar.xz
868276b25d53424a787d309d6c00bef9ac14c26953ca6f764f24f2ae63e41cdc 8076 cpp-httplib_0.25.0+ds-1_amd64.buildinfo
8af454334a50f3a663477552339504e3e1c8ba25aa5a405659d84ce041febdd6 21320 libcpp-httplib-dev_0.25.0+ds-1_amd64.deb
ab424be050427c771b0bc1cbdfd8cdbad85c1764b16d209bd134e307811b34cf 2565820 libcpp-httplib0.25-dbgsym_0.25.0+ds-1_amd64.deb
85c1589b717f4fa0b4b9d5207806b6c6cee1dc24192016f8a0ab0945a51e235d 225548 libcpp-httplib0.25_0.25.0+ds-1_amd64.deb
Files:
e670cb89d2a0c7d19f9038cca2d5b934 1824 libs optional cpp-httplib_0.25.0+ds-1.dsc
8fd07b577fc95d9bbc50fbadaa1def14 737100 libs optional cpp-httplib_0.25.0+ds.orig.tar.xz
8ef9848aefb54e5ac30b63416234de29 5872 libs optional cpp-httplib_0.25.0+ds-1.debian.tar.xz
4cc8db4bcbf8f0101826e9a1f1f12ddc 8076 libs optional cpp-httplib_0.25.0+ds-1_amd64.buildinfo
6f9c104d60e605f997dec48c8606a6a9 21320 libdevel optional libcpp-httplib-dev_0.25.0+ds-1_amd64.deb
be7f6bba01c7a9b3ba0b3f5f1e54d6b2 2565820 debug optional libcpp-httplib0.25-dbgsym_0.25.0+ds-1_amd64.deb
ce878dcc9634ceffcac8fcde13141e3e 225548 libs optional libcpp-httplib0.25_0.25.0+ds-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iIcEARYKAC8WIQS6VuNIvZRFHt7JcAdKkgiiRVB3pwUCaKDPbhEcdGFjaGlAZGVi
aWFuLm9yZwAKCRBKkgiiRVB3p5mAAP94cVZH9jtJfIHpXzXCuu4YDn1OeqK5rPiD
8jYGGnpMnAD/RV2wiM5IVp/eeDNaK1liwlazgV8U7A2UuCXvOSBJCwA=
=w+VW
-----END PGP SIGNATURE-----
Attachment:
pgpVjQTGi5LqW.pgp
Description: PGP signature