2023-06-06 14:55:01 |
Jeremy Bícha |
bug |
|
|
added bug |
2023-06-06 15:11:25 |
Jeremy Bícha |
cve linked |
|
2023-34416 |
|
2023-06-06 15:12:37 |
Jeremy Bícha |
description |
Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.
There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
and found one CVE
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the Test Case.
Other Info
----------
Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214
Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023. |
Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.
There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
and found one CVE, 2023-34416
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the Test Case.
Other Info
----------
Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214
Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023. |
|
2023-06-06 15:59:02 |
Jeremy Bícha |
mozjs102 (Ubuntu): status |
In Progress |
Fix Committed |
|
2023-06-06 15:59:09 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Kinetic |
|
2023-06-06 15:59:09 |
Jeremy Bícha |
bug task added |
|
mozjs102 (Ubuntu Kinetic) |
|
2023-06-06 15:59:09 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Lunar |
|
2023-06-06 15:59:09 |
Jeremy Bícha |
bug task added |
|
mozjs102 (Ubuntu Lunar) |
|
2023-06-06 15:59:09 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Jammy |
|
2023-06-06 15:59:09 |
Jeremy Bícha |
bug task added |
|
mozjs102 (Ubuntu Jammy) |
|
2023-06-06 16:06:31 |
Jeremy Bícha |
mozjs102 (Ubuntu Jammy): status |
New |
Confirmed |
|
2023-06-06 16:06:33 |
Jeremy Bícha |
mozjs102 (Ubuntu Kinetic): status |
New |
Confirmed |
|
2023-06-06 16:06:36 |
Jeremy Bícha |
mozjs102 (Ubuntu Lunar): status |
New |
Confirmed |
|
2023-06-06 16:07:38 |
Jeremy Bícha |
description |
Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.
There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
and found one CVE, 2023-34416
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Security Sponsoring
-------------------
sudo apt install git-buildpackage
mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the Test Case.
Other Info
----------
Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214
Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023. |
Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.
There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
and found one CVE, 2023-34416
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Additionally, mozjs102 has build tests. mozjs102 does not have autopkgtests of its own but it triggers the gjs autopkgtests.
Security Sponsoring
-------------------
sudo apt install git-buildpackage
mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the Test Case.
Other Info
----------
Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214
Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023. |
|
2023-06-06 16:07:48 |
Jeremy Bícha |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2023-06-06 17:11:56 |
Jeremy Bícha |
description |
Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.
There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
and found one CVE, 2023-34416
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Additionally, mozjs102 has build tests. mozjs102 does not have autopkgtests of its own but it triggers the gjs autopkgtests.
Security Sponsoring
-------------------
sudo apt install git-buildpackage
mkdir ../tarballs; cd ../tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the Test Case.
Other Info
----------
Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214
Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023. |
Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.
There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
and found one CVE, 2023-34416
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Additionally, mozjs102 has build tests. mozjs102 does not have autopkgtests of its own but it triggers the gjs autopkgtests.
Security Sponsoring
-------------------
sudo apt install git-buildpackage
mkdir tarballs; cd tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs
Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the Test Case.
Other Info
----------
Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214
Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023. |
|
2023-06-06 21:02:54 |
Launchpad Janitor |
mozjs102 (Ubuntu): status |
Fix Committed |
Fix Released |
|
2023-06-08 13:28:45 |
Launchpad Janitor |
mozjs102 (Ubuntu Lunar): status |
Confirmed |
Fix Released |
|
2023-06-08 13:28:47 |
Launchpad Janitor |
mozjs102 (Ubuntu Jammy): status |
Confirmed |
Fix Released |
|
2023-06-08 13:29:02 |
Launchpad Janitor |
mozjs102 (Ubuntu Kinetic): status |
Confirmed |
Fix Released |
|