On 03/05/18 11:42, Abhijith PA wrote: > Hello. > > > I have prepared LTS security update for ocaml[1]. Debdiff is attached. > I compiled couple of ocaml programs for testing. I don't have any > experience with ocaml. If you know any ocaml projects please compile > with this build. Please upload if it look good. Once it reach the > archive I will send the DLA.
There is a test case in [1] which is still crashing for me with your update. I'm not sure if it's supposed to not crash with the patch. Perhaps given that Marshall is clearly marked as unsafe for untrasted data, we should follow jessie/stretch and mark this as no-dsa. But I'll let you decide. Cheers, Emilio [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-9838
