bug#27463: OCaml CVE-2017-9772

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27463: OCaml CVE-2017-9772

From:	Efraim Flashner
Subject:	bug#27463: OCaml CVE-2017-9772
Date:	Thu, 29 Jun 2017 22:17:41 +0300
User-agent:	Mutt/1.8.3 (2017-05-23)

On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote:
> Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:
> 
> http://seclists.org/oss-sec/2017/q2/575
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772

According to Debian¹ only Ocaml-4.04.[01] is affected

¹https://security-tracker.debian.org/tracker/CVE-2017-9772

-- 
Efraim Flashner   <address@hidden>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#27463: OCaml CVE-2017-9772, Leo Famulari, 2017/06/23
- bug#27463: OCaml CVE-2017-9772, Efraim Flashner <=

Prev by Date: bug#27042: test-package.sh fails on aarch64
Next by Date: bug#27042: test-package.sh fails on aarch64
Previous by thread: bug#27463: OCaml CVE-2017-9772
Next by thread: bug#27467: Xfce broken, because it propagates two different versions of gtk+
Index(es):
- Date
- Thread