bug#27462: OCaml CVE-2015-8869

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27462: OCaml CVE-2015-8869

From:	Julien Lepiller
Subject:	bug#27462: OCaml CVE-2015-8869
Date:	Wed, 20 Feb 2019 09:39:20 +0100
User-agent:	K-9 Mail for Android

Le 19 février 2019 23:17:52 GMT+01:00, Andreas Enge <address@hidden> a écrit :
>On Thu, Jan 31, 2019 at 06:30:27PM +0100, Julien Lepiller wrote:
>> I still care about ocaml-4.02, but I could probably update it to
>ocaml-4.04 without breaking dependents.
>
>Commits 2e125ece093ef842ca017ffb146cbc5fa33f2f75 and
>4982c0c98deecea0d4f69f14ea28cab53b5f2123 remove address@hidden, pplacer and
>all other dependent packages.
>
>Is address@hidden really needed? It would be nice to get rid of a package
>with CVE.
>
>Andreas

At this point, we only need it for bap and dependencies. I've added 
dependencies for the latest bap commit that work with the latest ocaml, but 
they haven't released a new version yet. Can we wait a bit longer?

Another solution would be to jump to ocaml 4.05 and re-package another version 
of ~50 dependencies. I don't really want to do that…

[Prev in Thread]

Current Thread

[Next in Thread]

bug#27462: OCaml CVE-2015-8869, Andreas Enge, 2019/02/19
- bug#27462: OCaml CVE-2015-8869, Julien Lepiller <=
  - bug#27462: OCaml CVE-2015-8869, Andreas Enge, 2019/02/20

Prev by Date: bug#34565: ungoogled-chromium might contain remnants of Widevine DRM
Next by Date: bug#34565: ungoogled-chromium contains Widevine DRM
Previous by thread: bug#27462: OCaml CVE-2015-8869
Next by thread: bug#27462: OCaml CVE-2015-8869
Index(es):
- Date
- Thread