Summary: | <dev-lang/ocaml-4.09.0: Integer overflow (CVE-2018-9838) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gienah, ml, sam |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/28090 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | dev-lang/ocaml-4.09.0-r1 | ||
Runtime testing required: | Yes | ||
Bug Depends on: | 704246, 708696, 737154, 755257 | ||
Bug Blocks: | | ||

Description
Sam James
ping

sparc was missed...

This issue was resolved and addressed in GLSA 202007-48 at https://security.gentoo.org/glsa/202007-48 by GLSA coordinator Sam James (sam_c).

(In reply to GLSAMaker/CVETool Bot from comment #3)
> This issue was resolved and addressed in
> GLSA 202007-48 at https://security.gentoo.org/glsa/202007-48
> by GLSA coordinator Sam James (sam_c).

Reopening for sparc stabilisation.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

On a stable system, one can't update dev-lang/ocaml-4.09.0 without unmasking dev-ml/ocamlbuild-0.14.0 and possibly some other packages. See this forum thread:

<https://forums.gentoo.org/viewtopic-t-1114522-highlight-ocaml.html>

(In reply to Mark Purtill from comment #6)
> On a stable system, one can't update dev-lang/ocaml-4.09.0 without unmasking
> dev-ml/ocamlbuild-0.14.0 and possibly some other packages. See this forum
> thread:
>
> <https://forums.gentoo.org/viewtopic-t-1114522-highlight-ocaml.html>

I think this should be fixed now, or at least getting there.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34b06d35218d9e444050526511da10962ea72c2f

commit 34b06d35218d9e444050526511da10962ea72c2f
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-06-08 04:58:53 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-08 04:59:09 +0000

    dev-lang/ocaml: add CVE-2018-9838 patch to 4.05.0

    Closes: https://bugs.gentoo.org/755257
    Bug: https://bugs.gentoo.org/719134
    Signed-off-by: Sam James <sam@gentoo.org>

 .../ocaml/files/ocaml-4.05.0-CVE-2018-9838.patch | 70 ++++++++++
 dev-lang/ocaml/ocaml-4.05.0-r4.ebuild | 143 +++++++++++++++++++++
 2 files changed, 213 insertions(+)

Unable to check for sanity:
> no match for package: dev-lang/ocaml-4.09.0
Unable to check for sanity:
> no match for package: dev-lang/ocaml-4.09.0-r1

ping.

Some cleanup is still needed (see PR) to fully resolve this bug.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da16ce0bc073186b149ff9cd6c6e8b724c88fd59

commit da16ce0bc073186b149ff9cd6c6e8b724c88fd59
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-10-22 23:00:32 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-10-28 00:24:09 +0000

    dev-lang/ocaml: drop 4.05.0-r9

    Bug: https://bugs.gentoo.org/719134
    Signed-off-by: John Helmert III <ajak@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/28090
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-lang/ocaml/Manifest | 3 -
 dev-lang/ocaml/ocaml-4.05.0-r9.ebuild | 156 ----------------------------------
 2 files changed, 159 deletions(-)