Update mozjs91 to 91.10

Bug #1978961 reported by Jeremy Bícha
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mozjs91 (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Impact
------
mozjs91 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.

I looked through
https://github.com/mozilla/gecko-dev/commits/esr91/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/
for Firefox ESR releases since Ubuntu's 91.7

and found two bugs. There may be other security-relevant bug fixes in the new version.

This update also fixes a build test failure that would have interfered with other security or bugfix updates. LP: #1976260

Testing Done
------------
I completed a build test.

I successfully logged into the default Ubuntu session (uses GNOME Shell) on Ubuntu 22.04 LTS with the updated mozjs91 and ran a few GJS apps (GNOME Characters, GNOME Weather).

Other Info
----------
The final mozjs91 release is expected in late August:
https://wiki.mozilla.org/Release_Management/Calendar

Packaging is maintained at
https://salsa.debian.org/gnome-team/mozjs/-/tree/ubuntu/91/jammy

CVE References

Jeremy Bícha (jbicha)
Changed in mozjs91 (Ubuntu):
status: New → Incomplete
description: updated
Revision history for this message
Jeremy Bícha (jbicha) wrote :
description: updated
Changed in mozjs91 (Ubuntu):
status: Incomplete → Confirmed
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mozjs91 - 91.10.0-0ubuntu1

---------------
mozjs91 (91.10.0-0ubuntu1) jammy-security; urgency=medium

  [ Jeremy Bicha ]
  * SECURITY UPDATE: Multiple issues (LP: #1978961)
    - CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
    - CVE-2022-31740: Register allocation problem in WASM on arm64
  * Drop Bug-1687417-MIPS32 patch: applied in new release

  [ Simon McVittie ]
  * Add a patch to fix test failure with vendored ICU (LP: #1976260)

 -- Jeremy Bicha <email address hidden> Thu, 16 Jun 2022 10:11:50 -0400

Changed in mozjs91 (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.