This should be tracked as a security problem; per: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869 the OCaml compiler before version 4.03 generates insecure code, mis-handling sign extensions resulting in remote code execution vulnerabilities in software written in OCaml, if it accepts network connections. Example network-connection-accepting OCaml software in Ports: security/sks The current packaging is 4.02.3, not 4.03+, thus all OCaml code being compiled on FreeBSD using the compiler in Ports should be considered vulnerable, per my understanding of the CVE. There is work in progress for one possible path forward in bug 218333; whether this security-issue bug ends up marked as a dup or prompts shorter-term fast work to update the compiler, is a matter for the Security & Ports folks of FreeBSD to decide, but I felt it worth having a tracking bug for the security implications rather than one possible remediation path.
A commit references this bug: Author: cs Date: Thu May 23 19:43:30 UTC 2019 New revision: 502353 URL: https://svnweb.freebsd.org/changeset/ports/502353 Log: Multiple vulnerabilities in OCaml PR: 223039 Submitted by: Phil Pennock <freebsd@phil.spodhuis.org> Security: CVE-2015-8869 Changes: head/security/vuxml/vuln.xml