GNU bug report logs - #27463
OCaml CVE-2017-9772

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Fri, 23 Jun 2017 16:43:02 UTC

Severity: normal

Tags: security

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#27463: closed (OCaml CVE-2017-9772)
Date: Thu, 14 Nov 2019 17:24:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Thu, 14 Nov 2019 18:23:43 +0100
with message-id <1BA7F507-8EF5-4F79-A921-965CF141BC27 <at> lepiller.eu>
and subject line Re: Bug #27463 Hunting: OCaml CVE-2017-9772
has caused the debbugs.gnu.org bug report #27463,
regarding OCaml CVE-2017-9772
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
27463: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: OCaml CVE-2017-9772
Date: Fri, 23 Jun 2017 12:41:50 -0400

[Message part 3 (text/plain, inline)]
Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:

http://seclists.org/oss-sec/2017/q2/575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772

[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Julien Lepiller <julien <at> lepiller.eu>
To: zimoun <zimon.toutoune <at> gmail.com>,27463-done <at> debbugs.gnu.org
Subject: Re: Bug #27463 Hunting: OCaml CVE-2017-9772
Date: Thu, 14 Nov 2019 18:23:43 +0100

Le 14 novembre 2019 17:22:41 GMT+01:00, zimoun <zimon.toutoune <at> gmail.com> a écrit :
>Dear,
>
>This bug was opened for Ocaml version 4.02 and 4.01, then Debian said
>it affects version 4.04 and today (two years later) the version is
>4.07. Does this security still make sense?
>
>If yes, please indicate me what can I do to proceed: apply the
>security patch and close the issue.
>If no, I plan to close this bug.
>
>
>Thank you in advance for any comments.
>
>All the best,
>simon
>
>https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463

Closing as the security issue does not apply to our OCaml version.
This bug report was last modified 5 years and 247 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.