cpp-httplib (0.25.0+ds-1)
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian/cpp-httplib.git
- Branch: debian/latest
- Path: debian/changelog
- Repo size: 724992
- Browser: https://salsa.debian.org/debian/cpp-httplib
- Last scan: 2025-09-02 17:27:11+00
- Next scan: 2025-09-10 14:33:00+00
- Debian changelog in Git:
cpp-httplib (0.25.0+ds-1) experimental; urgency=medium
* Update to new upstream version 0.25.0+ds.
* Fix numerous CVEs (Closes: #1109340):
- CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
Version 0.22.0 adds a limit to the number of headers which can be passed
in an HTTP request, mitigating a possible DoS due to memory exhaustion.
- CVE-2025-53628 (HTTP Header Smuggling due to insecure trailers merge).
Version 0.23.0 changes the way HTTP trailer fields are handled so as to
prevent an attacker from modifying headers with prohibited trailers.
- CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
Version 0.23.0 complements the fix for CVE-2025-46728, actually solving
memory exhaustion attacks via chunked HTTP requests.
* d/control: libcpp-httplib0.20 -> libcpp-httplib0.25
* d/changelog: mention CVE-2025-46728 in 0.20.1+ds-1 changelog entry.
* d/rules: remove redundant file copy
-- Andrea Pappacoda <tachi@debian.org> Sat, 16 Aug 2025 20:27:58 +0200
- This branch is even with tag archive/debian/0.25.0+ds-1