Bug#824139: ocaml: CVE-2015-8869

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 824139@bugs.debian.org
Subject: Bug#824139: ocaml: CVE-2015-8869
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Oct 2016 22:38:51 +0200
Message-id: <[🔎] 20161004203851.bgt4myi5c2qfblx5@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 824139@bugs.debian.org
In-reply-to: <[🔎] 20161004202738.GA24739@inutil.org>
References: <146307905784.32382.601061476586937152.reportbug@eldamar.local> <[🔎] 20161004202738.GA24739@inutil.org>

Hi Moritz,

On Tue, Oct 04, 2016 at 10:27:38PM +0200, Moritz Muehlenhoff wrote:
> B0;115;0cOn Thu, May 12, 2016 at 08:50:57PM +0200, Salvatore Bonaccorso wrote:
> > Source: ocaml
> > Version: 3.12.1-4
> > Severity: important
> > Tags: security upstream patch fixed-upstream
> > Forwarded: http://caml.inria.fr/mantis/view.php?id=7003
> > Control: fixed -1 3.12.1-4+deb7u1
> > 
> > Hi,
> > 
> > the following vulnerability was published for ocaml.
> > 
> > CVE-2015-8869[0]:
> > buffer overflow and information leak
> 
> There have been various uploads since then, has this been fixed?

Just checked the current version in unstable, and it does not look yet
fixed. From the upstream bug report it looks that from upstream point
of view it will be for 4.03.0+dev / +beta1.

Regards,
Salvatore

Reply to:

References:
- Bug#824139: ocaml: CVE-2015-8869
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Bug#824139: ocaml: CVE-2015-8869
Next by Date: Bug#817129: dose-distcheck: provide option to ignore certain packages
Previous by thread: Bug#824139: ocaml: CVE-2015-8869
Next by thread: Bug#817129: dose-distcheck: provide option to ignore certain packages
Index(es):
- Date
- Thread