Bug#1035879: unblock: mozjs102/102.10.0-1
Jeremy Bícha
jeremy.bicha at canonical.com
Wed May 10 14:38:19 BST 2023
Package: release.debian.org
Control: affects -1 + src:mozjs102
X-Debbugs-Cc: mozjs102 at packages.debian.org
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package mozjs102 and reduce the days required to reach Testing.
[ Reason ]
The new mozjs102 stable point release includes multiple security fixes.
- CVE-2023-32211: Content process crash due to invalid wasm code
- CVE-2023-32215: Memory safety bugs
I included more in debian/changelog but those affected Firefox ESR,
not mozjs specifically. Sorry.
[ Impact ]
mozjs102 is only used by gjs which in turn is used by GNOME Shell and
several GNOME apps written in JavaScript.
[ Tests ]
The build tests have passed successfully and the gjs autopkgtests
triggered by this upload have passed too. (mozjs102 itself
does not have autopkgtests yet).
I also completed the manual test cases from
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
on Debian Testing.
[ Risks ]
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
mozjs102 is the SpiderMonkey JavaScript engine from the current
Firefox ESR stable branch. There are monthly releases until the end of August.
https://whattrainisitnow.com/calendar/
I am unaware of anyone using Firefox vulnerabilities to attack GNOME
Shell, but I think it's good to be prudent and apply available
security updates. I don't think the Debian Security Team has done
security uploads for mozjs*, in part because Mozilla's lifecycle is so
short that it's difficult for an upstream supported mozjs to be in a
Debian stable release.
For more info about the commits, see the GitHub mirror:
https://github.com/mozilla/gecko-dev/commits/esr102/js
unblock mozjs102/102.11.0-1
Thank you,
Jeremy Bicha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mozjs-102.11.debdiff
Type: application/octet-stream
Size: 16268 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20230510/b420ec4c/attachment.obj>