This bug was fixed in the package mozjs128 - 128.9.0-1
---------------
mozjs128 (128.9.0-1) unstable; urgency=high
* New upstream release (LP: #2105631)
- CVE-2025-3028 Use-after-free triggered by XSLTProcessor
- CVE-2025-3029 URL bar spoofing via non-BMP Unicode characters
- CVE-2025-3030 Memory safety bugs
-- Jeremy Bícha <[email protected]> Mon, 31 Mar 2025 12:49:25 -0400
** Changed in: mozjs128 (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-3028
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-3029
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-3030
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2105631
Title:
Update mozjs128 to 128.9.0 for plucky
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mozjs128/+bug/2105631/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
