*** This bug is a security vulnerability ***

Public security bug reported:

Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by 
gjs to power GNOME Shell and some GNOME apps.

There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/

Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/

and found one CVE

Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

Security Sponsoring
-------------------
sudo apt install git-buildpackage

mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which
# takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the 
Test Case.

Other Info
----------
Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal 
to update gjs there to use mozjs102. See LP: #1993214

Also, it's believed that Linux Mint will switch their cjs packages to
use mozjs102 in 2023.

** Affects: mozjs102 (Ubuntu)
     Importance: Undecided
         Status: In Progress


** Tags: jammy kinetic lunar upgrade-software-version

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to mozjs102 in Ubuntu.
https://bugs.launchpad.net/bugs/2023047

Title:
  Update mozjs102 to 102.12.0

Status in mozjs102 package in Ubuntu:
  In Progress

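
The cross-check described under "Security Impact" (commit subjects under js/ matched against the bug numbers an advisory references) can be scripted. The following is an added example, not part of the original bug report or of any Ubuntu or Mozilla tooling. It assumes commit subjects carry "Bug NNNNNNN" and that the advisory has been reduced to plain text with each CVE line followed by its bug references. All bug numbers and CVE ids in it are constructed placeholders.

```python
import re
from collections import defaultdict

BUG_RE = re.compile(r"\bbug\s+(\d{5,8})\b", re.IGNORECASE)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# Constructed sample: commit subjects as printed by `git log --format=%s -- js`.
COMMIT_SUBJECTS = """\
Bug 1000001 - Fix bounds check in typed array helper. r=reviewer
Bug 1000002 - Update test expectations. r=reviewer
No bug - Tagging release. a=release
Bug 1000003, Bug 1000004 - Harden GC barrier. r=reviewer
"""

# Constructed sample: advisory text, one CVE line followed by its references.
ADVISORY_TEXT = """\
CVE-0000-0001: Placeholder issue outside the JS engine
References: Bug 1000010
CVE-0000-0002: Placeholder issue in the JS engine
References: Bug 1000003
CVE-0000-0003: Placeholder memory safety rollup
References: Bugs 1000020, 1000021
"""

def bugs_in_commits(log_text):
    """Map bug number -> commit subjects that mention it."""
    found = defaultdict(list)
    for subject in log_text.splitlines():
        for bug in set(BUG_RE.findall(subject)):
            found[int(bug)].append(subject.strip())
    return dict(found)

def bugs_in_advisory(text):
    """Map bug number -> CVE ids; reference lines belong to the CVE above them."""
    found, current = defaultdict(set), None
    for line in text.splitlines():
        cve = CVE_RE.search(line)
        if cve:
            current = cve.group(0)
        elif current:
            for bug in re.findall(r"\b\d{5,8}\b", line):
                found[int(bug)].add(current)
    return dict(found)

def cross_reference(log_text, advisory_text):
    """Return {cve: [bug, ...]} for advisory bugs that have a commit in the log."""
    commits, advisory = bugs_in_commits(log_text), bugs_in_advisory(advisory_text)
    hits = defaultdict(list)
    for bug in sorted(commits.keys() & advisory.keys()):
        for cve in sorted(advisory[bug]):
            hits[cve].append(bug)
    return dict(hits)
```

CVEs whose bugs never appear in the js/ commit log drop out of the result, which is the filter that separates engine fixes from the rest of a Firefox advisory.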