Bug#878362: mozjs52: embedded code copy: icu v58
Simon McVittie
smcv at debian.org
Fri Oct 13 07:54:51 UTC 2017
Source: mozjs52
Version: 52.3.1-4
Severity: normal
Control: block -1 by 878359
X-Debbugs-Cc: security at debian.org
mozjs52 has an embedded code copy of libicu. (The same is true for
firefox-esr and firefox.) It is newer than the current system copy,
so it is not necessarily safe to stop using it right now.
When icu >= 58 reaches testing/unstable (#878359), mozjs52 can hopefully
depend on it as a system library instead, closing this bug in the process.
This would also allow removing a lot of hacks from the mozjs52 packaging.
The major user of mozjs52 is going to be gjs, which is not a security
boundary (it's JavaScript-as-extension-language, the same role that Lua
frequently takes, rather than JavaScript-as-web-content) so this is
probably not security-sensitive for gjs, but it might become
security-sensitive if other packages migrate from mozjs or mozjs24 to
mozjs52.
smcv
More information about the pkg-gnome-maintainers
mailing list