From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: bug#27462: OCaml CVE-2015-8869 Date: Tue, 19 Feb 2019 23:17:52 +0100 Message-ID: <20190219221752.GA4351@jurong> References: <20190131165613.GA27597@jurong> <20190131172113.GA29071@jurong> <96513178-922C-49D6-AF32-0EF723343C8E@lepiller.eu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([209.51.188.92]:43777) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gwDiG-0005Zx-Dz for bug-guix@gnu.org; Tue, 19 Feb 2019 17:18:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gwDiF-0005dO-2e for bug-guix@gnu.org; Tue, 19 Feb 2019 17:18:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:56055) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gwDiE-0005dA-RA for bug-guix@gnu.org; Tue, 19 Feb 2019 17:18:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gwDiE-0000fR-1r for bug-guix@gnu.org; Tue, 19 Feb 2019 17:18:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <96513178-922C-49D6-AF32-0EF723343C8E@lepiller.eu> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Julien Lepiller Cc: 27462@debbugs.gnu.org On Thu, Jan 31, 2019 at 06:30:27PM +0100, Julien Lepiller wrote: > I still care about ocaml-4.02, but I could probably update it to ocaml-4.04 without breaking dependents. Commits 2e125ece093ef842ca017ffb146cbc5fa33f2f75 and 4982c0c98deecea0d4f69f14ea28cab53b5f2123 remove ocaml@4.01, pplacer and all other dependent packages. Is ocaml@4.02 really needed? It would be nice to get rid of a package with CVE. Andreas