Your message dated Sun, 17 Aug 2025 22:34:36 +0000
with message-id <[email protected]>
and subject line Bug#1109838: fixed in libhtp 1:0.5.51-1
has caused the Debian Bug report #1109838,
regarding libhtp: CVE-2025-53537
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109838
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libhtp
Version: 1:0.5.50-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libhtp.
CVE-2025-53537[0]:
| LibHTP is a security-aware parser for the HTTP protocol and its
| related bits and pieces. In versions 0.5.50 and below, there is a
| traffic-induced memory leak that can starve the process of memory,
| leading to loss of visibility. To work around this issue, set
| `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled`
| to false. This issue is fixed in version 0.5.51.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-53537
https://www.cve.org/CVERecord?id=CVE-2025-53537
[1] https://github.com/OISF/libhtp/security/advisories/GHSA-v3qq-h8mh-vph7
[2] https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
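The report above names two remediations: upgrading to 0.5.51, or setting `lzma-enabled` to false. The following audit of both is an added example, not part of the bug report and not libhtp or Suricata code. The function names, the constructed sample config, the plain numeric upstream version format, and the choice to treat an unset key as "workaround not confirmed" are assumptions.

```python
import re

FIXED = (0, 5, 51)  # first fixed upstream release, per the CVE text
PATH = ("app-layer", "protocols", "http", "libhtp",
        "default-config", "lzma-enabled")

# Constructed sample, not a real deployment's suricata.yaml.
SAMPLE = """\
%YAML 1.1
---
app-layer:
  protocols:
    http:
      enabled: yes
      libhtp:
        default-config:
          personality: IDS
          #lzma-enabled: false
          lzma-enabled: true
"""

def upstream_tuple(version):
    """'1:0.5.50-1' -> (0, 5, 50): drop the Debian epoch and revision."""
    upstream = version.split(":", 1)[-1].rsplit("-", 1)[0]
    return tuple(int(part) for part in upstream.split("."))

def lzma_setting(yaml_text):
    """Return the raw value at PATH, or None when the key is not set."""
    stack = []  # (indent, key) for every mapping level currently open
    for raw in yaml_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # strip comments
        m = re.match(r"^(\s*)(?:-\s+)?([\w.-]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:  # leave deeper/sibling keys
            stack.pop()
        stack.append((indent, key))
        if tuple(k for _, k in stack) == PATH:
            return value.strip("'\"")
    return None

def workaround_applied(yaml_text):
    """True only when the key is explicitly set to a YAML 1.1 false value."""
    value = lzma_setting(yaml_text)
    return value is not None and value.lower() in ("false", "no", "off")

def needs_action(version, yaml_text):
    """True when the build is affected and the workaround is not in place."""
    return upstream_tuple(version) < FIXED and not workaround_applied(yaml_text)
```

The commented-out `#lzma-enabled: false` line in the sample is deliberately ignored, so a config that only carries the setting as a comment is still reported as needing action.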
--- Begin Message ---
Source: libhtp
Source-Version: 1:0.5.51-1
Done: Sascha Steinbiss <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libhtp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sascha Steinbiss <[email protected]> (supplier of updated libhtp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 02 Aug 2025 11:55:15 +0200
Source: libhtp
Architecture: source
Version: 1:0.5.51-1
Distribution: unstable
Urgency: medium
Maintainer: Sascha Steinbiss <[email protected]>
Changed-By: Sascha Steinbiss <[email protected]>
Closes: 1109838
Changes:
libhtp (1:0.5.51-1) unstable; urgency=medium
.
* New upstream release fixing security issue CVE-2025-53537.
See https://redmine.openinfosecfoundation.org/issues/7766.
This is just a very minor bugfix release with no additional features.
Closes: #1109838
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---