It was discovered that OCaml mishandled sign extensions. A remote attacker
could use this vulnerability to steal sensitive information, cause a denial
of service (crash), or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 ESM. (CVE-2015-8869)
It was discovered that OCaml mishandled crafted input. An attacker could
use this vulnerability to cause a denial of service or possibly execute
arbitrary code. (CVE-2018-9838)