unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#27463: OCaml CVE-2017-9772
@ 2017-06-23 16:41 Leo Famulari
  2017-06-29 19:17 ` Efraim Flashner
  2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
  0 siblings, 2 replies; 4+ messages in thread
From: Leo Famulari @ 2017-06-23 16:41 UTC (permalink / raw)
  To: 27463

[-- Attachment #1: Type: text/plain, Size: 175 bytes --]

Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:

http://seclists.org/oss-sec/2017/q2/575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* bug#27463: OCaml CVE-2017-9772
  2017-06-23 16:41 bug#27463: OCaml CVE-2017-9772 Leo Famulari
@ 2017-06-29 19:17 ` Efraim Flashner
  2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
  1 sibling, 0 replies; 4+ messages in thread
From: Efraim Flashner @ 2017-06-29 19:17 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 27463

[-- Attachment #1: Type: text/plain, Size: 584 bytes --]

On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote:
> Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:
> 
> http://seclists.org/oss-sec/2017/q2/575
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772

According to Debian¹ only Ocaml-4.04.[01] is affected

¹https://security-tracker.debian.org/tracker/CVE-2017-9772

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* bug#27463: Bug #27463 Hunting: OCaml CVE-2017-9772
  2017-06-23 16:41 bug#27463: OCaml CVE-2017-9772 Leo Famulari
  2017-06-29 19:17 ` Efraim Flashner
@ 2019-11-14 16:22 ` zimoun
  2019-11-14 17:23   ` Julien Lepiller
  1 sibling, 1 reply; 4+ messages in thread
From: zimoun @ 2019-11-14 16:22 UTC (permalink / raw)
  To: 27463, Leo Famulari, Julien Lepiller, Ludovic Courtès

Dear,

This bug was opened for Ocaml version 4.02 and 4.01, then Debian said
it affects version 4.04 and today (two years later) the version is
4.07. Does this security still make sense?

If yes, please indicate me what can I do to proceed: apply the
security patch and close the issue.
If no, I plan to close this bug.


Thank you in advance for any comments.

All the best,
simon

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463

^ permalink raw reply	[flat|nested] 4+ messages in thread

* bug#27463: Bug #27463 Hunting: OCaml CVE-2017-9772
  2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
@ 2019-11-14 17:23   ` Julien Lepiller
  0 siblings, 0 replies; 4+ messages in thread
From: Julien Lepiller @ 2019-11-14 17:23 UTC (permalink / raw)
  To: zimoun, 27463-done

Le 14 novembre 2019 17:22:41 GMT+01:00, zimoun <zimon.toutoune@gmail.com> a écrit :
>Dear,
>
>This bug was opened for Ocaml version 4.02 and 4.01, then Debian said
>it affects version 4.04 and today (two years later) the version is
>4.07. Does this security still make sense?
>
>If yes, please indicate me what can I do to proceed: apply the
>security patch and close the issue.
>If no, I plan to close this bug.
>
>
>Thank you in advance for any comments.
>
>All the best,
>simon
>
>https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463

Closing as the security issue does not apply to our OCaml version.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-11-14 17:24 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-06-23 16:41 bug#27463: OCaml CVE-2017-9772 Leo Famulari
2017-06-29 19:17 ` Efraim Flashner
2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
2019-11-14 17:23   ` Julien Lepiller

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).