On Wed, Apr 11, 2018 at 10:59:43PM +0200, Salvatore Bonaccorso wrote:
> Source: ocaml
> Version: 4.05.0-10
> Severity: important
> Tags: security upstream
> Forwarded: https://caml.inria.fr/mantis/view.php?id=7765
>
> Hi,
>
> The following vulnerability was published for ocaml.
>
> CVE-2018-9838[0]:
> | The caml_ba_deserialize function in byterun/bigarray.c in the standard
> | library in OCaml 4.06.0 has an integer overflow which, in situations
> | where marshalled data is accepted from an untrusted source, allows
> | remote attackers to cause a denial of service (memory corruption) or
> | possibly execute arbitrary code via a crafted object.
What's the status? There hasn't been an upload for src:ocaml over all
of 2018?
Cheers,
Moritz
