(name . Leo Famulari)(address . firstname.lastname@example.org)(address . email@example.com)
On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote:
Toggle quote (5 lines)> Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:> > http://seclists.org/oss-sec/2017/q2/575> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772
According to Debian¹ only Ocaml-4.04. is affected ¹https://security-tracker.debian.org/tracker/CVE-2017-9772 -- Efraim Flashner <firstname.lastname@example.org> אפרים פלשנרGPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351Confidentiality cannot be guaranteed on emails sent or received unencrypted
Dear, This bug was opened for Ocaml version 4.02 and 4.01, then Debian saidit affects version 4.04 and today (two years later) the version is4.07. Does this security still make sense? If yes, please indicate me what can I do to proceed: apply thesecurity patch and close the issue.If no, I plan to close this bug.
Le 14 novembre 2019 17:22:41 GMT+01:00, zimoun <email@example.com> a écrit :
Toggle quote (18 lines)>Dear,>>This bug was opened for Ocaml version 4.02 and 4.01, then Debian said>it affects version 4.04 and today (two years later) the version is>4.07. Does this security still make sense?>>If yes, please indicate me what can I do to proceed: apply the>security patch and close the issue.>If no, I plan to close this bug.>>>Thank you in advance for any comments.>>All the best,>simon>>https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463
Closing as the security issue does not apply to our OCaml version.