** Description changed:

  Impact
  ------
- Several security bug fixes
+ mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used 
by gjs to power GNOME Shell and some GNOME apps.
+ 
+ Security Impact
+ ---------------
+ I looked through
+ https://github.com/mozilla/gecko-dev/commits/esr102/js
+ and searched for referenced bug numbers in
+ https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/
+ 
+ and found two CVEs for Ubuntu 23.04
+ 
+ Test Case
+ ---------
+ https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
+ 
+ Security Sponsoring
+ -------------------
+ sudo apt install git-buildpackage
+ 
+ mkdir ../tarballs; cd ../tarballs
+ pull-lp-source mozjs102 kinetic
+ # That avoids needing to recreate the original tarball from pristine-tar 
which takes a while. Also, running lintian takes a while.
+ cd ..
+ gbp clone https://salsa.debian.org/gnome-team/mozjs
+ cd mozjs
+ git checkout ubuntu/102/lunar
+ gbp buildpackage --git-builder="debuild --no-lintian -S -nc" 
--git-tarball-dir=../tarballs
+ 
+ git checkout ubuntu/102/kinetic
+ gbp buildpackage --git-builder="debuild --no-lintian -S -nc" 
--git-tarball-dir=../tarballs
+ 
+ git checkout ubuntu/102/jammy
+ gbp buildpackage --git-builder="debuild --no-lintian -S -nc" 
--git-tarball-dir=../tarballs
+ 
+ Initial Testing Done
+ --------------------
+ I built the packages in my PPA.
+ I installed the packages on Ubuntu 23.04 and successfully completed the Test 
Case.
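
Review bot: the added Security Impact section says "found two CVEs for Ubuntu 23.04" but does not name them. List the CVE identifiers in the description itself so a sponsor can check them against the linked advisory without repeating the commit search. In Security Sponsoring, pull-lp-source is run only for kinetic while source builds follow for lunar, kinetic and jammy. Add a line saying whether that one download is meant to cover all three builds.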

** Changed in: mozjs102 (Ubuntu)
   Importance: Wishlist => Undecided

** Also affects: mozjs102 (Ubuntu Lunar)
   Importance: Undecided
       Status: New

** Also affects: mozjs102 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: mozjs102 (Ubuntu Kinetic)
   Importance: Undecided
       Status: New

** Changed in: mozjs102 (Ubuntu Jammy)
       Status: New => Incomplete

** Changed in: mozjs102 (Ubuntu Kinetic)
       Status: New => Incomplete

** Changed in: mozjs102 (Ubuntu Lunar)
       Status: New => Incomplete

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32215

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32211

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to mozjs102 in Ubuntu.
https://bugs.launchpad.net/bugs/2018905

Title:
  Update mozjs102 to 102.11.0

Status in mozjs102 package in Ubuntu:
  Incomplete
Status in mozjs102 source package in Jammy:
  Incomplete
Status in mozjs102 source package in Kinetic:
  Incomplete
Status in mozjs102 source package in Lunar:
  Incomplete

Bug description:
  Impact
  ------
  mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.

  Security Impact
  ---------------
  I looked through
  https://github.com/mozilla/gecko-dev/commits/esr102/js
  and searched for referenced bug numbers in
  https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/

  and found two CVEs for Ubuntu 23.04

  Test Case
  ---------
  https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

  Security Sponsoring
  -------------------
  sudo apt install git-buildpackage

  mkdir ../tarballs; cd ../tarballs
  pull-lp-source mozjs102 kinetic
  # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
  cd ..
  gbp clone https://salsa.debian.org/gnome-team/mozjs
  cd mozjs
  git checkout ubuntu/102/lunar
  gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

  git checkout ubuntu/102/kinetic
  gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

  git checkout ubuntu/102/jammy
  gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

  Initial Testing Done
  --------------------
  I built the packages in my PPA.
  I installed the packages on Ubuntu 23.04 and successfully completed the Test Case.
