GNU bug report logs

#27462 OCaml CVE-2015-8869

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #25 received at submit@debbugs.gnu.org (full text, mbox, reply):

Received: (at submit) by debbugs.gnu.org; 31 Jan 2019 17:30:57 +0000
From debbugs-submit-bounces@debbugs.gnu.org Thu Jan 31 12:30:57 2019
Received: from localhost ([127.0.0.1]:53289 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1gpGAz-0006df-Ci
	for submit@debbugs.gnu.org; Thu, 31 Jan 2019 12:30:57 -0500
Received: from eggs.gnu.org ([209.51.188.92]:58432)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@lepiller.eu>) id 1gpGAx-0006dP-R4
 for submit@debbugs.gnu.org; Thu, 31 Jan 2019 12:30:56 -0500
Received: from lists.gnu.org ([209.51.188.17]:39710)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <julien@lepiller.eu>) id 1gpGAs-0007sX-Ki
 for submit@debbugs.gnu.org; Thu, 31 Jan 2019 12:30:50 -0500
Received: from eggs.gnu.org ([209.51.188.92]:44576)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <julien@lepiller.eu>) id 1gpGAr-0002H9-3F
 for bug-guix@gnu.org; Thu, 31 Jan 2019 12:30:50 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00,
 RCVD_IN_BL_SPAMCOP_NET autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <julien@lepiller.eu>) id 1gpGAp-0007rD-MN
 for bug-guix@gnu.org; Thu, 31 Jan 2019 12:30:49 -0500
Received: from lepiller.eu ([2a00:5884:8208::1]:40642)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <julien@lepiller.eu>) id 1gpGAp-0007kX-Bx
 for bug-guix@gnu.org; Thu, 31 Jan 2019 12:30:47 -0500
Received: from [100.67.186.84] (slc-exit.privateinternetaccess.com
 [173.244.209.5]) by lepiller.eu (OpenSMTPD) with ESMTPSA id c1e3f02d
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Thu, 31 Jan 2019 17:30:36 +0000 (UTC)
Date: Thu, 31 Jan 2019 18:30:27 +0100
User-Agent: K-9 Mail for Android
In-Reply-To: <20190131172113.GA29071@jurong>
References: <20190131165613.GA27597@jurong> <20190131172113.GA29071@jurong>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: bug#27462: OCaml CVE-2015-8869
To: bug-guix@gnu.org,Andreas Enge <andreas@enge.fr>,27462@debbugs.gnu.org
From: Julien Lepiller <julien@lepiller.eu>
Message-ID: <96513178-922C-49D6-AF32-0EF723343C8E@lepiller.eu>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2a00:5884:8208::1
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Spam-Score: 1.2 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Le 31 janvier 2019 18:21:13 GMT+01:00, Andreas Enge <andreas@enge.fr>
    a écrit : >On Thu, Jan 31, 2019 at 05:57:03PM +0100, Andreas Enge wrote:
    >> Are people using the software > >I suppose not, becau [...] 
 
 Content analysis details:   (1.2 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
                             bl.spamcop.net
               [Blocked - see <https://www.spamcop.net/bl.shtml?173.244.209.5>]
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.2 (/)

Le 31 janvier 2019 18:21:13 GMT+01:00, Andreas Enge <andreas@enge.fr> a écrit :
>On Thu, Jan 31, 2019 at 05:57:03PM +0100, Andreas Enge wrote:
>> Are people using the software
>
>I suppose not, because one of its dependencies currently does not
>build:
>
>...
>phase `ocaml-findlib-environment' succeeded after 0.0 seconds
>starting phase `configure'
>build directory:
>"/tmp/guix-build-ocaml4.01-gsl-1.22.0.drv-0/gsl-1.22.0"
>running 'configure' with arguments ("-prefix"
>"/gnu/store/2f0wbxxpva9pnl4877hcr1k9gnawnbgc-ocaml4.01-gsl-1.22.0")
>Backtrace:
>           5 (primitive-load "/gnu/store/g4hk79x8kdpgnq87jhy6qjj9qa1…")
>In ice-9/eval.scm:
>   191:35  4 (_ _)
>In srfi/srfi-1.scm:
>  863:16  3 (every1 #<procedure 6ef100 at /gnu/store/vnbx61brdhy87…> …)
>In
>/gnu/store/vnbx61brdhy87fhvwhrgf24qdgk1r4ww-module-import/guix/build/gnu-build-system.scm:
>   799:28  2 (_ _)
>In
>/gnu/store/vnbx61brdhy87fhvwhrgf24qdgk1r4ww-module-import/guix/build/ocaml-build-system.scm:
>     55:8  1 (configure #:outputs _ #:configure-flags _ #:test-flags …)
>In
>/gnu/store/vnbx61brdhy87fhvwhrgf24qdgk1r4ww-module-import/guix/build/utils.scm:
>    616:6  0 (invoke _ . _)
>
>/gnu/store/vnbx61brdhy87fhvwhrgf24qdgk1r4ww-module-import/guix/build/utils.scm:616:6:
>In procedure invoke:
>Throw to key `srfi-34' with args `(#<condition &invoke-error [program:
>"./configure" arguments: ("-prefix"
>"/gnu/store/2f0wbxxpva9pnl4877hcr1k9gnawnbgc-ocaml4.01-gsl-1.22.0")
>exit-status: 127 term-signal: #f stop-signal: #f] 491fc0>)'.
>builder for
>`/gnu/store/diyv95rimr1dl0m5n1ms8yclb6b139lc-ocaml4.01-gsl-1.22.0.drv'
>failed with exit code 1
>build of
>/gnu/store/diyv95rimr1dl0m5n1ms8yclb6b139lc-ocaml4.01-gsl-1.22.0.drv
>failed
>...
>
>Shall we remove all the ocaml-4.01 universe? The next step would be
>4.02,
>it appears that the CVE is solved with 4.03 only:
>
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869
>   "OCaml before 4.03.0 does not properly handle..."
>
>Andreas

I still care about ocaml-4.02, but I could probably update it to ocaml-4.04 without breaking dependents.

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:19:33 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.