Bug#874700: ocaml: CVE-2017-9779

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#874700: ocaml: CVE-2017-9779
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 08 Sep 2017 21:47:05 +0200
Message-id: <[🔎] 150490002508.21462.2702821944001608527.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 874700@bugs.debian.org

Source: ocaml
Version: 4.01.0-5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for ocaml.

CVE-2017-9779[0]:
| OCaml compiler allows attackers to have unspecified impact via unknown
| vectors, a similar issue to CVE-2017-9772 "but with much less impact."

This is the secondary, lesser critical issue affecting as well older
versions as mentioned in [1] and [2]. Can you get in touch with
upstream to identify the required patch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9779
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9779
[1] https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
[2] https://caml.inria.fr/mantis/view.php?id=7557

Regards,
Salvatore

Reply to:

Prev by Date: why_2.39-1_source.changes ACCEPTED into unstable
Next by Date: Wheezy update of ocaml?
Previous by thread: why_2.39-1_source.changes ACCEPTED into unstable
Next by thread: Wheezy update of ocaml?
Index(es):
- Date
- Thread