Update oracular to new mozjs releases
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mozjs115 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
mozjs128 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Impact
------
Mozilla released new security updates today. I have compared the security advisories with the somewhat stripped down source code we build with and mentioned fixed security vulnerabilities in debian/changelog.
https:/
https:/
https:/
Other Info
----------
mozjs is the JavaScript engine from Firefox ESR. Mozilla provides security updates for an ESR series for about a year.
In an exceptional move, Mozilla has extended security support for the 115 series through March 2025 for old Windows and macOS users only. However, the source code is still provided so we continue packaging the security updates.
mozjs128 is used by gjs which powers GNOME Shell and several GNOME apps.
mozjs115 is currently used by cjs which powers Cinnamon.
description: | updated |
information type: | Public → Public Security |
This bug was fixed in the package mozjs115 - 115.16.0-1
---------------
mozjs115 (115.16.0-1) unstable; urgency=high
* New upstream release (LP: #2083344)
- CVE-2024-8381 Type confusion when looking up property names
- CVE-2024-8382 Internal event interfaces exposed to web content
- CVE-2024-8384 Garbage collection could mis-color cross-compartment objects
- CVE-2024-9401 Memory safety bugs
-- Jeremy Bícha <email address hidden> Tue, 01 Oct 2024 11:09:34 -0400