Our package ocaml-4.01 is vulnerable to CVE-2015-8869, which we patched
in the primary ocaml package in April 2016. Unfortunately, this patch
was not included when the ocaml-4.01 package was created in January
2017.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869

Do we need this older version of OCaml? If so, we need a volunteer to
maintain it.