Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted cpp-httplib 0.41.0+ds-3 (source) into unstable
Date: Fri, 17 Apr 2026 08:59:35 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 17 Apr 2026 09:47:23 +0200
Source: cpp-httplib
Architecture: source
Version: 0.41.0+ds-3
Distribution: unstable
Urgency: medium
Maintainer: Andrea Pappacoda <tachi@debian.org>
Changed-By: Andrea Pappacoda <tachi@debian.org>
Closes: 1104926 1109340 1122027 1124586 1126754 1130232 1130234 1130235 1130505 1130876 1132162 1133187
Changes:
 cpp-httplib (0.41.0+ds-3) unstable; urgency=medium
 .
   * Upload to unstable. See Bug#1126438
   * d/rules: disable last failing tests on i386
   * d/watch: update to version 5
 .
 cpp-httplib (0.41.0+ds-2) experimental; urgency=medium
 .
   * d/rules: increase test timeout
   * d/rules: make test skip patterns more specific
   * d/rules: skip some more flaky tests
 .
 cpp-httplib (0.41.0+ds-1) experimental; urgency=medium
 .
   * Update to new upstream version 0.41.0+ds.
   * Fix numerous CVEs in the server component:
     - CVE-2025-66570 and CVE-2025-66577. Closes: #1122027
     - CVE-2026-21428. Closes: #1124586
     - CVE-2026-22776. Closes: #1126754
     - CVE-2026-28434. Closes: #1130232
     - CVE-2026-28435. Closes: #1130234
     - CVE-2026-29076. Closes: #1130235
     - CVE-2026-31870. Closes: #1130505
     - CVE-2026-34441. Closes: #1133187
   * Fix two CVEs in the client component:
     - CVE-2026-32627. Closes: #1130876
     - CVE-2026-33745. Closes: #1132162
   * d/control: libcpp-httplib0.26 -> libcpp-httplib0.41
   * d/rules: disable WebSocketIntegrationTest.SocketSettings test
 .
 cpp-httplib (0.26.0+ds-2) experimental; urgency=low
 .
   * Re-do upload, with binaries
 .
 cpp-httplib (0.26.0+ds-1) experimental; urgency=medium
 .
   * Update to new upstream version 0.26.0+ds.
   * build(meson): use C++17 for gtest >= 1.17.0
   * d/control: libcpp-httplib0.25 -> libcpp-httplib0.26
   * d/rules: use new option names
 .
 cpp-httplib (0.25.0+ds-1) experimental; urgency=medium
 .
   * Update to new upstream version 0.25.0+ds.
 .
   * Fix numerous CVEs (Closes: #1109340):
     - CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
       Version 0.22.0 adds a limit to the number of headers which can be passed
       in an HTTP request, mitigating a possible DoS due to memory exhaustion.
 .
     - CVE-2025-53628 (HTTP Header Smuggling due to insecure trailers merge).
       Version 0.23.0 changes the way HTTP trailer fields are handled so to
       avoid an attacker to modify headers with prohibited trailers.
 .
     - CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
       Version 0.23.0 complements the fix for CVE-2025-46728, actually solving
       memory exhaustion attacks via chucked HTTP requests.
 .
   * d/control: libcpp-httplib0.20 -> libcpp-httplib0.25
   * d/changelog: mention CVE-2025-46728 in 0.20.1+ds-1 changelog entry.
   * d/rules: remove redundant file copy
 .
 cpp-httplib (0.20.1+ds-3) experimental; urgency=low
 .
   * Third time's the charm
 .
 cpp-httplib (0.20.1+ds-2) experimental; urgency=low
 .
   * Re-try git-debpush upload
 .
 cpp-httplib (0.20.1+ds-1) experimental; urgency=low
 .
   * Update to new upstream version 0.20.1+ds.
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this version intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for a unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch!
     Closes: #1104926
   * d/control: libcpp-httplib0.18 -> libcpp-httplib0.20
Checksums-Sha1:
 c38e91dd8571b315ab9607b0b1cda4cf19955e16 2576 cpp-httplib_0.41.0+ds-3.dsc
 30aac48dbfc988af1fe2afaf939c1bcacc57fb69 6236 cpp-httplib_0.41.0+ds-3.debian.tar.xz
 48526436d4d75f6893e7f6a278f126a6d8818928 1834568 cpp-httplib_0.41.0+ds-3.git.tar.xz
 fe9c2558724e1a128ba65c97af335f8eb428bab7 17366 cpp-httplib_0.41.0+ds-3_source.buildinfo
Checksums-Sha256:
 462d7f953c81fcb2c699dd694cea9989cf11c4762e9b4cd30f4b2b6d6a190a49 2576 cpp-httplib_0.41.0+ds-3.dsc
 706d1e41f837881506927eeea8db4a80c3c14a0129359981abf6baa94fa6c20b 6236 cpp-httplib_0.41.0+ds-3.debian.tar.xz
 d38b473b32b17bdb86f76d155718288c52bf9074f57a680923dbda2fd27cc512 1834568 cpp-httplib_0.41.0+ds-3.git.tar.xz
 dbcd01c9b16fa296a24041dc4795dbfc11421b57908789fada6e3d490cb0a1de 17366 cpp-httplib_0.41.0+ds-3_source.buildinfo
Files:
 b4de237fda5f46689bf170be712a7b2b 2576 libs optional cpp-httplib_0.41.0+ds-3.dsc
 9e3a37ae3b0a58d9367f6807ff1b7555 6236 libs optional cpp-httplib_0.41.0+ds-3.debian.tar.xz
 d02efa6ced2ba2db2e197ec5f2b3b162 1834568 libs None cpp-httplib_0.41.0+ds-3.git.tar.xz
 c0e9f90fc65bad145050e103bbab85da 17366 libs optional cpp-httplib_0.41.0+ds-3_source.buildinfo
Git-Tag-Info: tag=5872780c22007e8698543cb7d677df37ef314b94 fp=ba56e348bd94451edec970074a9208a2455077a7
Git-Tag-Tagger: Andrea Pappacoda <tachi@debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmnh5+8ACgkQYG0ITkaD
wHkN8BAAkoAdK4XpbtsoqJVFX8RH9PeS1JUcwZr/wKBUKorfbjWeUXMsFx+1nXDX
fjpEVlIfYyGesd6AbJCgeVDo9o2G/PkBSBejW8z01szOyNeAZ8r2x2/eM4a+afgB
NlnxLnlmXnt9fe+dINx/+ChxPTQthfaDgSGVvFK29zHZIHOQwsmkDEmLVj0b7Hj2
nakTODeDtHXGcZ/acgruX7bIw37+emznvzYSehxVfw+K0DeGMZpZkTgY6StsC0cM
3LsDouOVl7MRnudYILXq/BAmwFo49s6zJUNRYFMkz0O9PiDhB7HEVCJnTldNh6mX
hLxJrqVbSyDuOwhW6fwl4ElLVXp9eG/GiMxfzA0CaTihWestJTR+2pQcO9TgC9i0
Gw5QWDZYwL4Ts3+2DZcUuOciWIQ9VkoExuvZj3GrlaCI5BhslS1jxWVXvEfvK32N
gliAYdPtxiqZeQiwIHZlRt8vCTFKHIxUJM1pQxlPtFgXiy0zj/nBBbo4uqRtE7oo
dNTiVb7k+DBSAa6RJEakY0kDrpZOPZvk95JfmgHcSS0aVSGfsnFppREoM6dAGe7V
mai7xONMasH5EEzMxPz6D+/1xksl9IjsuSlVYFOSN4nCaoVV9m5ZA6yybCLnsQmn
gJpzPctvBAAdWHDgZVUImooEUW2FbDTlRdxtD/Qu13lTjAGUhGE=
=lThx
-----END PGP SIGNATURE-----
News for package cpp-httplib
