Looks like a few more CVEs have been published between 102.3 in karmic and 102.5 in lunar:
102.4 CVE-2022-42928 bug 1791520 102.5 CVE-2022-45406 bug 1791975 102.5 CVE-2022-45409 bug 1796901 Perhaps we should move to 102.5? I have to admit, bumping to a new major release of mozjs sounds risky. What are the plans to test all the arbitrary gnome-shell plugins that could be installed in user environments? How well does gnome-shell handle a plugin that could crash on startup if there is an incompatibility with a newer mozjs version? ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-42928 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-45406 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-45409 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gjs in Ubuntu. https://bugs.launchpad.net/bugs/1993214 Title: [jammy] Update gjs to 1.74 using mozjs102 102.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gjs/+bug/1993214/+subscriptions -- desktop-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
