Re: Ocaml function used in packages

To: Thorsten Alteholz <alteholz@debian.org>
Cc: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Subject: Re: Ocaml function used in packages
From: Stéphane Glondu <glondu@debian.org>
Date: Fri, 13 May 2016 10:27:58 +0200
Message-id: <[🔎] 5735900E.108@debian.org>
In-reply-to: <[🔎] alpine.DEB.2.02.1605122256290.29787@jupiter.server.alteholz.net>
References: <[🔎] alpine.DEB.2.02.1605122256290.29787@jupiter.server.alteholz.net>

On 12/05/2016 23:04, Thorsten Alteholz wrote:

after fixing CVE-2015-8869 in Wheezy, I assume that all packages which
use the affected functions need to be recompiled.
So is there an easy way to find out what packages need this recompilation?

The functions are:
  caml_bitvect_test
  caml_blit_string
  caml_alloc_dummy_float
  caml_alloc_dummy

Or would it be better to recompile everything? How could that be done best?

caml_alloc_dummy is pervasive. I think it would be better to recompileevery package that ships an ELF executable compiled with ocamlc or ocamlopt.

BinNMUs should be enough but I don't know if it is possible to do themwithin security updates suites.



Cheers,

--
Stéphane

Reply to:

References:
- Ocaml function used in packages
  - From: Thorsten Alteholz <alteholz@debian.org>

Prev by Date: Ocaml function used in packages
Next by Date: Processing of dose3_4.3-1_source.changes
Previous by thread: Ocaml function used in packages
Next by thread: Processing of dose3_4.3-1_source.changes
Index(es):
- Date
- Thread