CVE-2015-8869

Priority
Description
OCaml before 4.03.0 does not properly handle sign extensions, which allows
remote attackers to conduct buffer overflow attacks or obtain sensitive
information as demonstrated by a long string to the String.copy function.
Notes
 msalvatore> binaries built with ocamlopt will need to be rebuilt after a system upgrade
Assigned-to
mdeslaur
Package
Source: ocaml (LP Ubuntu Debian)
Upstream: released (4.02.3-9, 4.03.0)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): released ([4.01.0-3ubuntu3.1])
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (4.02.3-9)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (4.02.3-9)
Ubuntu 19.04 (Disco Dingo): not-affected (4.02.3-9)
Ubuntu 19.10 (Eoan): not-affected (4.02.3-9)
Patches:
Upstream: https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74
More Information

Updated: 2019-05-17 20:14:35 UTC (commit 72eb3aeb6934c8154adbfed20e7ae7c36ea8b278)