bug#27463: closed (OCaml CVE-2017-9772)

[GNU bug Tracking System]

Your message dated Thu, 14 Nov 2019 18:23:43 +0100
with message-id <address@hidden>
and subject line Re: Bug #27463 Hunting: OCaml CVE-2017-9772
has caused the debbugs.gnu.org bug report #27463,
regarding OCaml CVE-2017-9772
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden.)


-- 
27463: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463
GNU Bug Tracking System
Contact address@hidden with problems

--- Begin Message --- Subject: OCaml CVE-2017-9772 Date: Fri, 23 Jun 2017 12:41:50 -0400 User-agent: Mutt/1.8.3 (2017-05-23)

Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:

http://seclists.org/oss-sec/2017/q2/575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772

signature.asc
Description: PGP signature

--- End Message ---

> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: Bug #27463 Hunting: OCaml CVE-2017-9772
>
>
>
>
> Date: 
>
> Thu, 14 Nov 2019 18:23:43 +0100
>
>
>
>
> User-agent: 
>
> K-9 Mail for Android
>
>
>
>
> Le 14 novembre 2019 17:22:41 GMT+01:00, zimoun <address@hidden> a écrit :
> >Dear,
> >
> >This bug was opened for Ocaml version 4.02 and 4.01, then Debian said
> >it affects version 4.04 and today (two years later) the version is
> >4.07. Does this security still make sense?
> >
> >If yes, please indicate me what can I do to proceed: apply the
> >security patch and close the issue.
> >If no, I plan to close this bug.
> >
> >
> >Thank you in advance for any comments.
> >
> >All the best,
> >simon
> >
> >https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27463
>
> Closing as the security issue does not apply to our OCaml version.
>
>
> --- End Message ---