Hello
Here is the latest Caml Weekly News, for the week of December 15 to 22, 2009.
Archive: http://groups.google.com/group/fa.caml/browse_thread/thread/e56a35000893f2b8#
Mehdi Dogguy continued this old thread:
There is still a security issue not fixed in this release which concerns
TIFF images. A CVE has been announced a while ago:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3296
I tried to contact the authors (one month ago) but received no answer
yet. That's why I'm sending this message on the list: to let users and
packagers know about the bug.
The vulenarable file is “src/tiffread.c”. The patch is available at:
http://tinyurl.com/cve-tiff-1
and the source code of “oversized.h” is available at:
http://tinyurl.com/cve-tiff-2
These changes are applied in the Debian packages and were backported to
the stable and oldstable releases.
Archive: http://groups.google.com/group/fa.caml/browse_thread/thread/907c349a08319fb6#
Xavier Clerc announced:This post announces the 1.0 release of the following projects: - Bisect: coverage tool; - Bolt: logging tool; - Kaputt: testing tool. === Bisect === Home page: http://bisect.x9c.fr Main changes since 1.0-beta: - '-enable' / '-disable' command-line switches to control instrumentation - support for multithread applications - new output mode: EMMA-compatible XML (*) - support for ocamlfind installation - major code refactoring and improvement - bug #41: '-I' command-line switch to specify search path === Bolt === Home page: http://bolt.x9c.fr Main changes since 1.0-beta: - support for multithread applications - support for plugins - support for printf-like notation in "LOG" statements - support for ocamlfind installation - various minor fixes === Kaputt === Home page: http://kaputt.x9c.fr Main changes since 1.0-beta: - support for enumeration-based tests - new output mode: JUnit-compatible XML (*) - more tests - support for ocamlfind installation - minor code refactoring and improvement - bug #45: better handling of dependencies to 'bigarray' and 'num' (*) these output modes are especially useful for combination with tools like Hudson (continuous integration server - http://hudson-ci.org/).
Thanks to Alp Mestan, we now include in the Caml Weekly News the links to the
recent posts from the ocamlcore planet blog at http://planet.ocamlcore.org/.
ocaml-mysql:
https://forge.ocamlcore.org/projects/ocaml-mysql/
Kapput 1.0:
http://caml.inria.fr/cgi-bin/hump.cgi?contrib=675
Bolt 1.0:
http://caml.inria.fr/cgi-bin/hump.cgi?contrib=699
If you happen to miss a CWN, you can send me a message and I'll mail it to you, or go take a look at the archive or the RSS feed of the archives.
If you also wish to receive it every week by mail, you may subscribe online.