Your message dated Thu, 13 Jul 2023 10:34:19 +0000
with message-id <[email protected]>
and subject line Bug#1037100: fixed in cpp-httplib 0.11.4+ds-2
has caused the Debian Bug report #1037100,
regarding cpp-httplib: CVE-2023-26130
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1037100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cpp-httplib
Version: 0.11.4+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for cpp-httplib.

CVE-2023-26130[0]:
| Versions of the package yhirose/cpp-httplib before 0.12.4 are
| vulnerable to CRLF Injection when untrusted user input is used to set
| the content-type header in the HTTP .Patch, .Post, .Put and .Delete
| requests. This can lead to logical errors and other misbehaviors.
| **Note:** This issue is present due to an incomplete fix for
| [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

The related CVE-2020-11709 was fixed before the initial upload to
Debian.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-26130
    https://www.cve.org/CVERecord?id=CVE-2023-26130
[1] https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
[2] https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cpp-httplib
Source-Version: 0.11.4+ds-2
Done: Andrea Pappacoda <[email protected]>

We believe that the bug you reported is fixed in the latest version of
cpp-httplib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrea Pappacoda <[email protected]> (supplier of updated cpp-httplib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2023 10:16:54 +0200
Source: cpp-httplib
Architecture: source
Version: 0.11.4+ds-2
Distribution: unstable
Urgency: medium
Maintainer: Andrea Pappacoda <[email protected]>
Changed-By: Andrea Pappacoda <[email protected]>
Closes: 1037100
Changes:
 cpp-httplib (0.11.4+ds-2) unstable; urgency=medium
 .
   * d/patches: fix for CVE-2023-26130.
     Backport of the security fix for CVE-2023-26130, a CRLF Injection, from
     upstream commit 5b397d455d25a391ba346863830c1949627b4d08 included in
     upstream release 0.12.4 and newer. (Closes: #1037100)

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQS6VuNIvZRFHt7JcAdKkgiiRVB3pwUCZK/OlgAKCRBKkgiiRVB3
pyKCAQDa7TOYlSJAnKBLqINyfepZPaEpPKL3kuwfcb/sSyp0KgD/ebgV4NLaCLDx
hfRbyys/OA5njcXJiPGoUQnAuIeFdw4=
=WQ1d
-----END PGP SIGNATURE-----

--- End Message ---
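The CRLF injection described in the CVE text quoted in the report, as an added example that is not code from cpp-httplib or from the Debian patch. The serializer, function names, host name and sample values are constructed assumptions; it shows how a CR/LF pair in a caller-supplied content type becomes an extra header line, and a check that rejects such values before serialization.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical helper (not cpp-httplib's API): a header field value is safe
// to serialize only if it contains no CR, LF or NUL byte.
bool is_safe_header_value(const std::string &v) {
  return v.find_first_of(std::string("\r\n\0", 3)) == std::string::npos;
}

// Naive serializer: writes the caller-supplied content type verbatim.
std::string build_request_unchecked(const std::string &path,
                                    const std::string &content_type,
                                    const std::string &body) {
  return "POST " + path + " HTTP/1.1\r\n"
         "Host: example.invalid\r\n"
         "Content-Type: " + content_type + "\r\n"
         "Content-Length: " + std::to_string(body.size()) + "\r\n\r\n" + body;
}

// Hardened variant: refuses a content type that could split the header block.
std::string build_request_checked(const std::string &path,
                                  const std::string &content_type,
                                  const std::string &body) {
  if (!is_safe_header_value(content_type))
    throw std::invalid_argument("content type contains CR, LF or NUL");
  return build_request_unchecked(path, content_type, body);
}

// Counts header lines between the request line and the blank line.
int count_header_lines(const std::string &request) {
  const std::string head = request.substr(0, request.find("\r\n\r\n"));
  int lines = 0;
  for (size_t pos = head.find("\r\n"); pos != std::string::npos;
       pos = head.find("\r\n", pos + 2))
    ++lines;
  return lines;
}

int main() {
  const std::string tainted = "text/plain\r\nX-Injected: 1";  // constructed input
  std::cout << count_header_lines(build_request_unchecked("/x", "text/plain", "{}"))
            << " vs " << count_header_lines(build_request_unchecked("/x", tainted, "{}"))
            << " header lines\n";
  try {
    build_request_checked("/x", tainted, "{}");
  } catch (const std::invalid_argument &e) {
    std::cout << "rejected: " << e.what() << "\n";
  }
}
```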
