This bug was fixed in the package mozjs102 - 102.13.0-1
---------------
mozjs102 (102.13.0-1) unstable; urgency=high
* New upstream release (LP: #2026197)
- CVE-2023-37202: Potential use-after-free from compartment mismatch
in SpiderMonkey
- CVE-2023-37211: Memory safety bugs
-- Jeremy Bícha <jbi...@ubuntu.com> Wed, 05 Jul 2023 09:05:35 -0400
** Changed in: mozjs102 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to mozjs102 in Ubuntu.
https://bugs.launchpad.net/bugs/2026197
Title:
Update mozjs102 to 102.13.0
Status in mozjs102 package in Ubuntu:
Fix Released
Status in mozjs102 source package in Jammy:
Confirmed
Status in mozjs102 source package in Kinetic:
Confirmed
Status in mozjs102 source package in Lunar:
Confirmed
Bug description:
Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used
by gjs to power GNOME Shell and some GNOME apps.
There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/
Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/
and found two CVEs
CVE-2023-37202: Potential use-after-free from compartment mismatch in
SpiderMonkey
CVE-2023-37211: Memory safety bugs
Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs
Additionally, mozjs102 has build tests. mozjs102 does not have
autopkgtests of its own but it triggers the gjs autopkgtests.
Security Sponsoring
-------------------
sudo apt install git-buildpackage
mkdir tarballs; cd ../tarballs
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar
which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc"
--git-tarball-dir=../tarballs
git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc"
--git-tarball-dir=../tarballs
git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc"
--git-tarball-dir=../tarballs
Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed
the Test Case.
Other Info
----------
It is believed that the only thing using mozjs102 in Ubuntu 22.04 LTS is
actually cjs in Linux Mint 21.2 (in Beta testing). It has been proposed to
switch Ubuntu's gjs to use it there also but that is currently on hold
(benefit/risk analysis). See LP: #1993214
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mozjs102/+bug/2026197/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
