Dear OCaml users and developers,

My current employer ships an executable whose source code is written in OCaml, and is trying to understand the security implications and mitigating actions (if any) of CVE-2017-9779. For the purposes of this discussion, only the native code compiler (ocamlopt) is relevant.

The questions I would hope to get answers to are:

1. Which versions of the OCaml compiler produce executables which are affected by the vulnerability/ies described in CVE-2017-9779?
2. What mitigation/s (if any) are suggested?

I will point out that my current employer and I are pretty confident that we understand the issues described by CVE-2017-9772; the assumption we are operating under is that there is a separate issue/issues that are different from the issues covered in CVE-2017-9772.

If you would like to continue the discussion off-list, or would like to encrypt further communication on this subject, or would like to see non-disclosure agreements signed in triplicate and delivered by bactrian camels, please let me know what your requirements are: I will so inform my employer and we'll try to accommodate.

Thank you in advance!

--
Best,
Evgeny ("Zhenya")