From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 29 15:17:52 2017 Received: (at 27463) by debbugs.gnu.org; 29 Jun 2017 19:17:52 +0000 Received: from localhost ([127.0.0.1]:45028 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dQewq-0006El-8f for submit@debbugs.gnu.org; Thu, 29 Jun 2017 15:17:52 -0400 Received: from flashner.co.il ([178.62.234.194]:38322) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dQewo-0006EY-GF for 27463@debbugs.gnu.org; Thu, 29 Jun 2017 15:17:50 -0400 Received: from localhost (85.64.232.168.dynamic.barak-online.net [85.64.232.168]) by flashner.co.il (Postfix) with ESMTPSA id 6D937400D7; Thu, 29 Jun 2017 19:17:44 +0000 (UTC) Date: Thu, 29 Jun 2017 22:17:41 +0300 From: Efraim Flashner To: Leo Famulari Subject: Re: bug#27463: OCaml CVE-2017-9772 Message-ID: <20170629191741.GE1734@macbook42.flashner.co.il> References: <20170623164150.GA15440@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="uCPdOCrL+PnN2Vxy" Content-Disposition: inline In-Reply-To: <20170623164150.GA15440@jasmine.lan> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27463 Cc: 27463@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --uCPdOCrL+PnN2Vxy Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote: > Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772: >=20 > http://seclists.org/oss-sec/2017/q2/575 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-9772 According to Debian=C2=B9 only Ocaml-4.04.[01] is affected =C2=B9https://security-tracker.debian.org/tracker/CVE-2017-9772 --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --uCPdOCrL+PnN2Vxy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAllVUkwACgkQQarn3Mo9 g1E3Jw/+LQa+kkWkHW9ep2MZ978e71mqgk4Ce9SjKysfrkSHfdh1dKCf/OX0BWe4 2EfsDIFm9ATWt5sW6oWFe/At3UxByKs40WeeIqZvpzEJlLv/9uY6W8T3dhaflYqj GVP7gwk+D9l9lFdnxKhX5rfyJOt5CGyMJA4Q9NoDv+7MwCuFyWYgovphOib9Hfcc PKj3+2HWUbbfycK7MfiXS0FaHrWJOdeqcTk14t0m/JVjimJ3OY2XWSYksNKPhpCE RgjRqWChB2UKWBg9z0mYweloFQluc04UN+KTnyYyoASehr76v+HCdApnIhBoIXXd B+/6sFzWDN5j8NTiuAt6fl44tUYCV9rYvrGoDFrESy1g26NZxla+cXuU1S+6Uii2 BVwx9WCAelvAIeP9PYIFhzb8nQW9LxaJEz3qEm6POrZIedzdeV0cPlSE635LZ5Py FXOvygYABOHUa/FXUBZpS4jbsGJEBGqjcWPF7sMyHGt06xKcTpsppEYUlOb6/sxf FG48UvSf+n9s/PEIh1ldG3mmoXoC9eTvm+P5kaSG21JA+KbkT2RylR5ujzYPv8/Q /Q8u6dA7p5+Av65oqpb3k+ItMm2yPNhzfro7Co5FC6OAaIL3tCKyKD+uLDggOmkh dLyg42y8wzGmH+Fp3dgjC26sxtgaILtUezLjqKr5ugUFL9vN5rs= =falG -----END PGP SIGNATURE----- --uCPdOCrL+PnN2Vxy--