[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27462: OCaml CVE-2015-8869

From: Ben Woodcroft
Subject: bug#27462: OCaml CVE-2015-8869
Date: Sat, 24 Jun 2017 10:25:52 +1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

Hi Leo,

On 24/06/17 02:41, Leo Famulari wrote:
Our package ocaml-4.01 is vulnerable to CVE-2015-8869, which we patched
in the primary ocaml package in April 2016. Unfortunately, this patch
was not included when the ocaml-4.01 package was created in January


Do we need this older version of OCaml? If so, we need a volunteer to
maintain it.

Thanks for pointing this out. AFAIK OCaml 4.01 is really only used to build pplacer, a bioinformatics program. I was planning on submitting 3 further bioinformatic packages soon which rely on pplacer, however.

I'm not sure I have the bandwidth to backport patches to such an old release, especially since the OCaml maintainers do not appear to be either, AFAICS.

This is a little frustrating, but perhaps they should be removed. WDYT?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]