GNU bug report logs - #27463
OCaml CVE-2017-9772

Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Fri, 23 Jun 2017 16:43:02 UTC

Severity: normal

Tags: security

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#27463: closed (Re: Bug #27463 Hunting: OCaml CVE-2017-9772)
Date: Thu, 14 Nov 2019 17:24:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#27463: OCaml CVE-2017-9772

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 27463 <at> debbugs.gnu.org.

-- 
27463: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Julien Lepiller <julien <at> lepiller.eu>
To: zimoun <zimon.toutoune <at> gmail.com>,27463-done <at> debbugs.gnu.org
Subject: Re: Bug #27463 Hunting: OCaml CVE-2017-9772
Date: Thu, 14 Nov 2019 18:23:43 +0100
On 14 November 2019 17:22:41 GMT+01:00, zimoun <zimon.toutoune <at> gmail.com> wrote:
>Dear,
>
>This bug was opened for OCaml versions 4.02 and 4.01, then Debian said
>it affects version 4.04 and today (two years later) the version is
>4.07. Does this security still make sense?
>
>If yes, please indicate to me what I can do to proceed: apply the
>security patch and close the issue.
>If no, I plan to close this bug.
>
>
>Thank you in advance for any comments.
>
>All the best,
>simon
>
>https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463

Closing as the security issue does not apply to our OCaml version.

[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: OCaml CVE-2017-9772
Date: Fri, 23 Jun 2017 12:41:50 -0400
[Message part 4 (text/plain, inline)]
Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:

http://seclists.org/oss-sec/2017/q2/575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772
[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 5 years and 246 days ago.
