Bug#1033019: unblock: mozjs102/102.9.0-1

[Jeremy Bícha]

Package: release.debian.org
Control: affects -1 + src:mozjs102
X-Debbugs-Cc: mozjs102 at packages.debian.org
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package mozjs102

[ Reason ]
The new mozjs102 stable point release includes a security fix, CVE-2023-25751

[ Impact ]
mozjs102 is only used by gjs which in turn is used by GNOME Shell and
several GNOME apps written in JavaScript.

[ Tests ]
The build tests have passed successfully and the gjs autopkgtests
triggered by this upload have passed too. (mozjs102 itself
does not have autopkgtests yet).

I also completed the manual test cases from
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
on Debian Testing.

[ Risks ]

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
mozjs102 is the SpiderMonkey JavaScript engine from the current
Firefox ESR stable branch. There are monthly releases until August.

https://wiki.mozilla.org/Release_Management/Calendar

I am unaware of anyone using Firefox vulnerabilities to attack GNOME
Shell, but I think it's good to be prudent and apply available
security updates. I don't think the Debian Security Team has done
security uploads for mozjs*, in part because Mozilla's lifecycle is so
short that it's difficult for an upstream supported mozjs to be in a
Debian stable release.

For more info about the commits, see the Github mirror:
https://github.com/mozilla/gecko-dev/commits/esr102/js

unblock mozjs102/102.9.0-1

Thank you,
Jeremy Bicha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mozjs102_102.8.0-1_102.9.0-1.diff
Type: text/x-patch
Size: 7424 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20230315/ee65b5e2/attachment.bin>