On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote: > Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772: > > http://seclists.org/oss-sec/2017/q2/575 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772 According to Debian¹ only Ocaml-4.04.[01] is affected ¹https://security-tracker.debian.org/tracker/CVE-2017-9772 -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted