Tags: security upstream
The following vulnerability was published for ocaml.
| The caml_ba_deserialize function in byterun/bigarray.c in the standard
| library in OCaml 4.06.0 has an integer overflow which, in situations
| where marshalled data is accepted from an untrusted source, allows
| remote attackers to cause a denial of service (memory corruption) or
| possibly execute arbitrary code via a crafted object.
A solution is still beeing discussed upstream in .
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.