This bug was fixed in the package mozjs115 - 115.10.0-1
---------------
mozjs115 (115.10.0-1) unstable; urgency=high
* New upstream release (LP: #2061860)
- CVE-2024-3852: GetBoundName in the JIT returned the wrong object
- CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
- CVE-2024-3857: Incorrect JITting of arguments led to use-after-free
during garbage collection
-- Jeremy Bícha <jbi...@ubuntu.com> Tue, 16 Apr 2024 07:52:09 -0400
** Changed in: mozjs115 (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3852
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3854
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3857
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to mozjs115 in Ubuntu.
https://bugs.launchpad.net/bugs/2061860
Title:
Update mozjs115 to 115.10.0
Status in mozjs115 package in Ubuntu:
Fix Released
Bug description:
Includes some security fixes
The build is fairly quick and the autopkgtest burden should be
minimal, probably just gjs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mozjs115/+bug/2061860/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
