GNU bug report logs - #27463
OCaml CVE-2017-9772

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Fri, 23 Jun 2017 16:43:02 UTC

Severity: normal

Tags: security

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Leo Famulari <leo <at> famulari.name>
Cc: 27463 <at> debbugs.gnu.org
Subject: bug#27463: OCaml CVE-2017-9772
Date: Thu, 29 Jun 2017 22:17:41 +0300

[Message part 1 (text/plain, inline)]
On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote:
> Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:
> 
> http://seclists.org/oss-sec/2017/q2/575
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772

According to Debian¹ only Ocaml-4.04.[01] is affected

¹https://security-tracker.debian.org/tracker/CVE-2017-9772

-- 
Efraim Flashner   <efraim <at> flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 5 years and 247 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.