* bug#27463: OCaml CVE-2017-9772
@ 2017-06-23 16:41 Leo Famulari
2017-06-29 19:17 ` Efraim Flashner
2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
0 siblings, 2 replies; 4+ messages in thread
From: Leo Famulari @ 2017-06-23 16:41 UTC (permalink / raw)
To: 27463
[-- Attachment #1: Type: text/plain, Size: 175 bytes --]
Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:
http://seclists.org/oss-sec/2017/q2/575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#27463: OCaml CVE-2017-9772
2017-06-23 16:41 bug#27463: OCaml CVE-2017-9772 Leo Famulari
@ 2017-06-29 19:17 ` Efraim Flashner
2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
1 sibling, 0 replies; 4+ messages in thread
From: Efraim Flashner @ 2017-06-29 19:17 UTC (permalink / raw)
To: Leo Famulari; +Cc: 27463
[-- Attachment #1: Type: text/plain, Size: 584 bytes --]
On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote:
> Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:
>
> http://seclists.org/oss-sec/2017/q2/575
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772
According to Debian¹ only Ocaml-4.04.[01] is affected
¹https://security-tracker.debian.org/tracker/CVE-2017-9772
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#27463: Bug #27463 Hunting: OCaml CVE-2017-9772
2017-06-23 16:41 bug#27463: OCaml CVE-2017-9772 Leo Famulari
2017-06-29 19:17 ` Efraim Flashner
@ 2019-11-14 16:22 ` zimoun
2019-11-14 17:23 ` Julien Lepiller
1 sibling, 1 reply; 4+ messages in thread
From: zimoun @ 2019-11-14 16:22 UTC (permalink / raw)
To: 27463, Leo Famulari, Julien Lepiller, Ludovic Courtès
Dear,
This bug was opened for Ocaml version 4.02 and 4.01, then Debian said
it affects version 4.04 and today (two years later) the version is
4.07. Does this security still make sense?
If yes, please indicate me what can I do to proceed: apply the
security patch and close the issue.
If no, I plan to close this bug.
Thank you in advance for any comments.
All the best,
simon
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#27463: Bug #27463 Hunting: OCaml CVE-2017-9772
2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
@ 2019-11-14 17:23 ` Julien Lepiller
0 siblings, 0 replies; 4+ messages in thread
From: Julien Lepiller @ 2019-11-14 17:23 UTC (permalink / raw)
To: zimoun, 27463-done
Le 14 novembre 2019 17:22:41 GMT+01:00, zimoun <zimon.toutoune@gmail.com> a écrit :
>Dear,
>
>This bug was opened for Ocaml version 4.02 and 4.01, then Debian said
>it affects version 4.04 and today (two years later) the version is
>4.07. Does this security still make sense?
>
>If yes, please indicate me what can I do to proceed: apply the
>security patch and close the issue.
>If no, I plan to close this bug.
>
>
>Thank you in advance for any comments.
>
>All the best,
>simon
>
>https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463
Closing as the security issue does not apply to our OCaml version.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-14 17:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-06-23 16:41 bug#27463: OCaml CVE-2017-9772 Leo Famulari
2017-06-29 19:17 ` Efraim Flashner
2019-11-14 16:22 ` bug#27463: Bug #27463 Hunting: " zimoun
2019-11-14 17:23 ` Julien Lepiller
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).