| 2018-08-02 01:53:59 |
Jeremy Bícha |
bug |
|
|
added bug |
| 2018-08-02 01:54:07 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Bionic |
|
| 2018-08-02 01:54:07 |
Jeremy Bícha |
bug task added |
|
mozjs52 (Ubuntu Bionic) |
|
| 2018-08-02 01:54:19 |
Jeremy Bícha |
mozjs52 (Ubuntu Bionic): status |
New |
Triaged |
|
| 2018-08-02 01:54:36 |
Jeremy Bícha |
cve linked |
|
2018-5188 |
|
| 2018-08-02 01:55:17 |
Jeremy Bícha |
description |
Impact
------
mozjs is Firefox's Spidermonkey JavaScript engine. mozjs52 is derived from Firefox 52 ESR. 52.9 is the final scheduled release in the 52 series. (mozjs itself never got "official releases" from Mozilla.)
By comparing the bug numbers in the release notes with the bug numbers mentioned at https://github.com/mozilla/gecko-dev/commits/esr52/js/src/ it looks like the new release includes one or more memory safety bugs identified as CVE-2018-5188.
GNOME Shell (Ubuntu's default interface in Ubuntu 18.04 LTS) requires mozjs52. Nothing else in Ubuntu 18.04 LTS uses mozjs52.
References
----------
https://www.mozilla.org/en-US/firefox/52.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
https://wiki.ubuntu.com/SecurityTeam/FAQ#mozjs
Test Case
---------
Install the update. Restart your computer. Log in and make sure the default desktop still works.
Regression Potential
--------------------
This is a minor release in the long-term support series. I count about 6 cherry-picked targeted commits.
Other Info
----------
I believe the version in Ubuntu 18.10 (synced with Debian) goes back to building with the distro's ICU library instead of the bundled version. Maybe we should backport from 18.10 instead of a more minimal diff against the Ubuntu version.
A diff of the 18.10 version is at https://launchpad.net/ubuntu/+source/mozjs52/52.9.1-1 |
Impact
------
mozjs is Firefox's Spidermonkey JavaScript engine. mozjs52 is derived from Firefox 52 ESR. 52.9 is the final scheduled release in the 52 series. (mozjs itself never got "official releases" from Mozilla.)
By comparing the bug numbers in the release notes with the bug numbers mentioned at https://github.com/mozilla/gecko-dev/commits/esr52/js/src/ it looks like the new release includes fixes for one or more memory safety bugs identified as CVE-2018-5188.
GNOME Shell (Ubuntu's default interface in Ubuntu 18.04 LTS) requires mozjs52. Nothing else in Ubuntu 18.04 LTS uses mozjs52.
References
----------
https://www.mozilla.org/en-US/firefox/52.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
https://wiki.ubuntu.com/SecurityTeam/FAQ#mozjs
Test Case
---------
Install the update. Restart your computer. Log in and make sure the default desktop still works.
Regression Potential
--------------------
This is a minor release in the long-term support series. I count about 6 cherry-picked targeted commits.
Other Info
----------
I believe the version in Ubuntu 18.10 (synced with Debian) goes back to building with the distro's ICU library instead of the bundled version. Maybe we should backport from 18.10 instead of a more minimal diff against the Ubuntu version.
A diff of the 18.10 version is at https://launchpad.net/ubuntu/+source/mozjs52/52.9.1-1 |
|
| 2018-08-02 03:14:52 |
Jeremy Bícha |
description |
Impact
------
mozjs is Firefox's Spidermonkey JavaScript engine. mozjs52 is derived from Firefox 52 ESR. 52.9 is the final scheduled release in the 52 series. (mozjs itself never got "official releases" from Mozilla.)
By comparing the bug numbers in the release notes with the bug numbers mentioned at https://github.com/mozilla/gecko-dev/commits/esr52/js/src/ it looks like the new release includes fixes for one or more memory safety bugs identified as CVE-2018-5188.
GNOME Shell (Ubuntu's default interface in Ubuntu 18.04 LTS) requires mozjs52. Nothing else in Ubuntu 18.04 LTS uses mozjs52.
References
----------
https://www.mozilla.org/en-US/firefox/52.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
https://wiki.ubuntu.com/SecurityTeam/FAQ#mozjs
Test Case
---------
Install the update. Restart your computer. Log in and make sure the default desktop still works.
Regression Potential
--------------------
This is a minor release in the long-term support series. I count about 6 cherry-picked targeted commits.
Other Info
----------
I believe the version in Ubuntu 18.10 (synced with Debian) goes back to building with the distro's ICU library instead of the bundled version. Maybe we should backport from 18.10 instead of a more minimal diff against the Ubuntu version.
A diff of the 18.10 version is at https://launchpad.net/ubuntu/+source/mozjs52/52.9.1-1 |
Impact
------
mozjs is Firefox's Spidermonkey JavaScript engine. mozjs52 is derived from Firefox 52 ESR. 52.9 is the final scheduled release in the 52 series. (mozjs itself never got "official releases" from Mozilla.)
By comparing the bug numbers in the release notes with the bug numbers mentioned at https://github.com/mozilla/gecko-dev/commits/esr52/js/src/ it looks like the new release includes one or more memory safety bugs identified as CVE-2018-5188.
GNOME Shell (Ubuntu's default interface in Ubuntu 18.04 LTS) requires mozjs52. Nothing else in Ubuntu 18.04 LTS uses mozjs52.
References
----------
https://www.mozilla.org/en-US/firefox/52.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
https://wiki.ubuntu.com/SecurityTeam/FAQ#mozjs
Test Case
---------
Install the update. Restart your computer. Log in and make sure the default desktop still works.
Regression Potential
--------------------
This is a minor release in the long-term support series. I count about 6 cherry-picked targeted commits.
Other Info
----------
I believe the version in Ubuntu 18.10 (synced with Debian) goes back to building with the distro's ICU library instead of the bundled version. Maybe we should backport from 18.10 instead of a more minimal diff against the Ubuntu version. I did verify that a backport builds on Ubuntu 18.04 LTS.
A diff of the 18.10 version is at https://launchpad.net/ubuntu/+source/mozjs52/52.9.1-1 |
|
| 2018-09-04 14:05:54 |
Sebastien Bacher |
mozjs52 (Ubuntu Bionic): status |
Triaged |
Fix Released |
|
