Your message dated Fri, 22 Aug 2025 10:47:12 +0000
with message-id <[email protected]>
and subject line Bug#1111591: fixed in mozjs128 128.14.0-1~deb13u1
has caused the Debian Bug report #1111591,
regarding mozjs128: update to 128.14.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111591: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111591
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mozjs128
Version: 128.13.0-1
Severity: important
Tags: trixie forky sid
The final scheduled mozjs128 release, 128.14.0, was released today
with some security fixes.
mozjs128 is only used by gjs (for GNOME Shell and several GNOME apps)
and cjs (for Cinnamon). Practically, I am not aware of any Firefox
CVEs ever being used to attack the desktop via gjs or cjs. Notably,
debian-security-support says about mozjs128 "Not covered by security
support, only suitable for trusted content". Therefore, updates for
mozjs* are handled via regular updates.
https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support.deb13#L30
https://whattrainisitnow.com/calendar/
Thank you,
Jeremy Bícha
--- End Message ---
--- Begin Message ---
Source: mozjs128
Source-Version: 128.14.0-1~deb13u1
Done: Jeremy Bícha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mozjs128, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated mozjs128 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Aug 2025 11:27:41 -0400
Source: mozjs128
Built-For-Profiles: noudeb
Architecture: source
Version: 128.14.0-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 1111591
Changes:
mozjs128 (128.14.0-1~deb13u1) trixie; urgency=medium
.
* New upstream release (Closes: #1111591)
- CVE-2025-9181: Uninitialized memory in the JavaScript Engine
component
- CVE-2025-9185: Memory safety bugs
* Branch for trixie
Checksums-Sha1:
be3f13bf45cbf2251dbbf7e270234a0228b7ac47 2448 mozjs128_128.14.0-1~deb13u1.dsc
97a6b00ade1ef58b215cf7061a86c4299fd9d5ba 157263392
mozjs128_128.14.0.orig.tar.xz
eb6c9294453a796491957a96f30ce29ce228686e 53764
mozjs128_128.14.0-1~deb13u1.debian.tar.xz
10feb8fe65a24b23fc291810220b49b22e1203ad 8989
mozjs128_128.14.0-1~deb13u1_source.buildinfo
Checksums-Sha256:
0bb78fc07665cafb45b0659644cc7b812ef306cae470b6a0c89b9dc7e0d34d8b 2448
mozjs128_128.14.0-1~deb13u1.dsc
41cca35149710ce45fbabc5fefcf86a01fdf833fdb783941964fca3a55fb72dd 157263392
mozjs128_128.14.0.orig.tar.xz
39bd9cb8abb66e2dc5b2b2a8fe7df1f55307e48a0155a9c2a3d698bac0b25b3b 53764
mozjs128_128.14.0-1~deb13u1.debian.tar.xz
2fea9b7ba4a798ce39b5861f66e5e5132d16a6ed81a3162a11c67602fbdb4558 8989
mozjs128_128.14.0-1~deb13u1_source.buildinfo
Files:
9b4cfaa19748c82acecd8cfb10a6920d 2448 libs optional
mozjs128_128.14.0-1~deb13u1.dsc
66e67ee8b8ba967961691440c1457e2d 157263392 libs optional
mozjs128_128.14.0.orig.tar.xz
fe9ea7d1200985cd2d7c4e2930970344 53764 libs optional
mozjs128_128.14.0-1~deb13u1.debian.tar.xz
aada4cd9b3395cff52912da7db63e254 8989 libs optional
mozjs128_128.14.0-1~deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmimXKQACgkQ5mx3Wuv+
bH1n4Q/+NgFrli6HBpYsUNRNh+ysCnvGI2oucku1JHXN5cYZafXIB7ZxVMJ6zER/
bpOXUCTB3lwQJp74JiMlkWLzwR90SyjiAgyobfSuoBe2J26QBI7dAogNHKtAtJP6
GiPW5RXKjZgmiUh6rC3TVF68bWK5rCxB1Mxq+WJpu6mTN8ToT8N/D7B1AI8f8oOz
PZavAQ5eU4WncholAY8RKjtPEdszole6Oikk9dX6rXbig6vY7itEA//xp61MTjSQ
TA4iT9S0tYu/MaT9Vmo8GgnhRFRIX3XDsnv1Rob4VsEJNv8OolDh2XiRXtz3VDle
vo3quGjZaVdCl51HRfTbRBQN78bIE0bhftXxPm4QlD3CHL+dNVAErL76E13z4TjV
NGXGGUaw4zqTOhyjSSp+69daHblSBxFFPLUztzetHtQ0kK1tDtQHBxMfe+Zn/Avq
MjZEJQCkVE078j2S57467UFY4rqa7E36rg1MhLAs1eXxAH4kyXqbQlarCyai6hH2
uGnaBxoYeG3x38Hc//+BwYaPMsGsP2o2oeK5Rs39Anx5pxZTKnHjnLeAPF1Ic9mz
RnCB4mJg6eTNGTZvctEpCMAVer4oHHDIAzcNw/A75SyJFW/HLjt3ARdsxBI34e64
aGKA7z/vtR2c95N4wJEHwIDGeFQPk98fiZzhOrsSfQrfjnml2Bg=
=m3RT
-----END PGP SIGNATURE-----
pgpMahdLe8BIO.pgp
Description: PGP signature
--- End Message ---
