Ubuntu
mozjs102 package

Bug #2023047
Activity log

Activity log for bug #2023047

Date	Who	What changed	Old value	New value	Message
2023-06-06 14:55:01	Jeremy Bícha	bug			added bug
2023-06-06 15:11:25	Jeremy Bícha	cve linked		2023-34416
2023-06-06 15:12:37	Jeremy Bícha	description	Impact ------ mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps. There are new Firefox 102 ESR releases monthly until the end of August. https://whattrainisitnow.com/calendar/ Security Impact --------------- I looked through https://github.com/mozilla/gecko-dev/commits/esr102/js and searched for referenced bug numbers in https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ and found one CVE Test Case --------- https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs Security Sponsoring ------------------- sudo apt install git-buildpackage mkdir ../tarballs; cd ../tarballs pull-lp-source mozjs102 mantic # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. cd .. gbp clone https://salsa.debian.org/gnome-team/mozjs cd mozjs git checkout ubuntu/102/lunar gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/kinetic gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/jammy gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs Initial Testing Done -------------------- I built the package locally. I installed the library package on Ubuntu 23.04 and successfully completed the Test Case. Other Info ---------- Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214 Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023.	Impact ------ mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps. There are new Firefox 102 ESR releases monthly until the end of August. https://whattrainisitnow.com/calendar/ Security Impact --------------- I looked through https://github.com/mozilla/gecko-dev/commits/esr102/js and searched for referenced bug numbers in https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ and found one CVE, 2023-34416 Test Case --------- https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs Security Sponsoring ------------------- sudo apt install git-buildpackage mkdir ../tarballs; cd ../tarballs pull-lp-source mozjs102 mantic # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. cd .. gbp clone https://salsa.debian.org/gnome-team/mozjs cd mozjs git checkout ubuntu/102/lunar gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/kinetic gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/jammy gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs Initial Testing Done -------------------- I built the package locally. I installed the library package on Ubuntu 23.04 and successfully completed the Test Case. Other Info ---------- Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214 Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023.
2023-06-06 15:59:02	Jeremy Bícha	mozjs102 (Ubuntu): status	In Progress	Fix Committed
2023-06-06 15:59:09	Jeremy Bícha	nominated for series		Ubuntu Kinetic
2023-06-06 15:59:09	Jeremy Bícha	bug task added		mozjs102 (Ubuntu Kinetic)
2023-06-06 15:59:09	Jeremy Bícha	nominated for series		Ubuntu Lunar
2023-06-06 15:59:09	Jeremy Bícha	bug task added		mozjs102 (Ubuntu Lunar)
2023-06-06 15:59:09	Jeremy Bícha	nominated for series		Ubuntu Jammy
2023-06-06 15:59:09	Jeremy Bícha	bug task added		mozjs102 (Ubuntu Jammy)
2023-06-06 16:06:31	Jeremy Bícha	mozjs102 (Ubuntu Jammy): status	New	Confirmed
2023-06-06 16:06:33	Jeremy Bícha	mozjs102 (Ubuntu Kinetic): status	New	Confirmed
2023-06-06 16:06:36	Jeremy Bícha	mozjs102 (Ubuntu Lunar): status	New	Confirmed
2023-06-06 16:07:38	Jeremy Bícha	description	Impact ------ mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps. There are new Firefox 102 ESR releases monthly until the end of August. https://whattrainisitnow.com/calendar/ Security Impact --------------- I looked through https://github.com/mozilla/gecko-dev/commits/esr102/js and searched for referenced bug numbers in https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ and found one CVE, 2023-34416 Test Case --------- https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs Security Sponsoring ------------------- sudo apt install git-buildpackage mkdir ../tarballs; cd ../tarballs pull-lp-source mozjs102 mantic # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. cd .. gbp clone https://salsa.debian.org/gnome-team/mozjs cd mozjs git checkout ubuntu/102/lunar gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/kinetic gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/jammy gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs Initial Testing Done -------------------- I built the package locally. I installed the library package on Ubuntu 23.04 and successfully completed the Test Case. Other Info ---------- Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214 Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023.	Impact ------ mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps. There are new Firefox 102 ESR releases monthly until the end of August. https://whattrainisitnow.com/calendar/ Security Impact --------------- I looked through https://github.com/mozilla/gecko-dev/commits/esr102/js and searched for referenced bug numbers in https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ and found one CVE, 2023-34416 Test Case --------- https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs Additionally, mozjs102 has build tests. mozjs102 does not have autopkgtests of its own but it triggers the gjs autopkgtests. Security Sponsoring ------------------- sudo apt install git-buildpackage mkdir ../tarballs; cd ../tarballs pull-lp-source mozjs102 mantic # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. cd .. gbp clone https://salsa.debian.org/gnome-team/mozjs cd mozjs git checkout ubuntu/102/lunar gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/kinetic gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/jammy gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs Initial Testing Done -------------------- I built the package locally. I installed the library package on Ubuntu 23.04 and successfully completed the Test Case. Other Info ---------- Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214 Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023.
2023-06-06 16:07:48	Jeremy Bícha	bug			added subscriber Ubuntu Security Sponsors Team
2023-06-06 17:11:56	Jeremy Bícha	description	Impact ------ mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps. There are new Firefox 102 ESR releases monthly until the end of August. https://whattrainisitnow.com/calendar/ Security Impact --------------- I looked through https://github.com/mozilla/gecko-dev/commits/esr102/js and searched for referenced bug numbers in https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ and found one CVE, 2023-34416 Test Case --------- https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs Additionally, mozjs102 has build tests. mozjs102 does not have autopkgtests of its own but it triggers the gjs autopkgtests. Security Sponsoring ------------------- sudo apt install git-buildpackage mkdir ../tarballs; cd ../tarballs pull-lp-source mozjs102 mantic # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. cd .. gbp clone https://salsa.debian.org/gnome-team/mozjs cd mozjs git checkout ubuntu/102/lunar gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/kinetic gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/jammy gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs Initial Testing Done -------------------- I built the package locally. I installed the library package on Ubuntu 23.04 and successfully completed the Test Case. Other Info ---------- Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214 Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023.	Impact ------ mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps. There are new Firefox 102 ESR releases monthly until the end of August. https://whattrainisitnow.com/calendar/ Security Impact --------------- I looked through https://github.com/mozilla/gecko-dev/commits/esr102/js and searched for referenced bug numbers in https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ and found one CVE, 2023-34416 Test Case --------- https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs Additionally, mozjs102 has build tests. mozjs102 does not have autopkgtests of its own but it triggers the gjs autopkgtests. Security Sponsoring ------------------- sudo apt install git-buildpackage mkdir tarballs; cd ../tarballs pull-lp-source mozjs102 mantic # That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while. cd .. gbp clone https://salsa.debian.org/gnome-team/mozjs cd mozjs git checkout ubuntu/102/lunar gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/kinetic gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs git checkout ubuntu/102/jammy gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs Initial Testing Done -------------------- I built the package locally. I installed the library package on Ubuntu 23.04 and successfully completed the Test Case. Other Info ---------- Ubuntu 22.04 LTS currently has no packages using it yet, but it is still a goal to update gjs there to use mozjs102. See LP: #1993214 Also, it's believed that Linux Mint will switch their cjs packages to use mozjs102 in 2023.
2023-06-06 21:02:54	Launchpad Janitor	mozjs102 (Ubuntu): status	Fix Committed	Fix Released
2023-06-08 13:28:45	Launchpad Janitor	mozjs102 (Ubuntu Lunar): status	Confirmed	Fix Released
2023-06-08 13:28:47	Launchpad Janitor	mozjs102 (Ubuntu Jammy): status	Confirmed	Fix Released
2023-06-08 13:29:02	Launchpad Janitor	mozjs102 (Ubuntu Kinetic): status	Confirmed	Fix Released

Ubuntumozjs102 package

Activity log for bug #2023047

Ubuntu
mozjs102 package