From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#27462: OCaml CVE-2015-8869 Date: Fri, 23 Jun 2017 12:41:29 -0400 Message-ID: <20170623164129.GA4417@jasmine.lan> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:38619) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dOReo-0003I6-1F for bug-guix@gnu.org; Fri, 23 Jun 2017 12:42:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dORek-00089X-TP for bug-guix@gnu.org; Fri, 23 Jun 2017 12:42:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:60245) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dORek-00089L-PH for bug-guix@gnu.org; Fri, 23 Jun 2017 12:42:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dORek-0005Z6-EC for bug-guix@gnu.org; Fri, 23 Jun 2017 12:42:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:38493) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dOReO-0002up-MT for bug-guix@gnu.org; Fri, 23 Jun 2017 12:41:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dOReL-0007y7-Ct for bug-guix@gnu.org; Fri, 23 Jun 2017 12:41:40 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:46793) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dOReL-0007wO-5k for bug-guix@gnu.org; Fri, 23 Jun 2017 12:41:37 -0400 Received: from localhost (unknown [128.64.129.7]) by mail.messagingengine.com (Postfix) with ESMTPA id 12BB07E74F for ; Fri, 23 Jun 2017 12:41:32 -0400 (EDT) Content-Disposition: inline List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 27462@debbugs.gnu.org --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Our package ocaml-4.01 is vulnerable to CVE-2015-8869, which we patched in the primary ocaml package in April 2016. Unfortunately, this patch was not included when the ocaml-4.01 package was created in January 2017. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869 Do we need this older version of OCaml? If so, we need a volunteer to maintain it. --n8g4imXOkfNTN/H1 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllNRLkACgkQJkb6MLrK fwj7iBAApfFEXyT3GtGhl6f1H2JaDeFv6ckXtJ+fn2ZZIEtD3sC7x3dyRhZekDKz cPRv9GHwB7jdmrNm9xwlYrWs58t3hE7k2u8+bBVGdoPruysyt3z+FY3VGyr3WG8r FPqNLYKK+V2iPEibehBg1s0Y8+V1oYDUQoa5Za2lNvQCimt0cZ6pT+W519bqqckG eywFYUnT80dKR5B1IOUoSVip0pK9cSoVBpA6tZzB+HzUYN+A/HgRsIUf3pCskpbS BwFAC4ySCGjiexxIgAw/yQNmRSem8JpIRxlZ3UOqwjN9yW76H0ZY0AQWT56VVvsl LFAuOXy91lDjV4x0kzcvhfUgMyRgDPLBO70fi3tiasKvp650f57Ur8AJ1Wb1eTfw Lip2hzoj/dpSp/ynFqWP0HPwErb6jEObYapByKtz7LpWb7hBPy9bmgA9TFYri+Wt tjpIeOpn7DMRQ0ynOZdlGEJhW75eyj5CyDCf4g1+sNbk67faBAnflPFKxm51g0Mk UiLmkMa1v2lM6fMHsgY7tVid2mBbczbO0ItuuCJ8SEyTdTXHIf6pB3IhYAnZ72dr eK+Bbx7J3qEJYAkINHmfKsvDv8l0OUQ9+3wJa6U9GyawVSlTaUzkuxgN+vYB/IYB aFUmaihSG7+fK8i7iGcV7mgPtyMUbvJdpi0ODWz95I5BfJ2YUGU= =xkqn -----END PGP SIGNATURE----- --n8g4imXOkfNTN/H1--