This bug was fixed in the package mozjs115 - 115.10.0-1 --------------- mozjs115 (115.10.0-1) unstable; urgency=high
* New upstream release (LP: #2061860) - CVE-2024-3852: GetBoundName in the JIT returned the wrong object - CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement - CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection -- Jeremy BĂcha <jbi...@ubuntu.com> Tue, 16 Apr 2024 07:52:09 -0400 ** Changed in: mozjs115 (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3852 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3854 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3857 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to mozjs115 in Ubuntu. https://bugs.launchpad.net/bugs/2061860 Title: Update mozjs115 to 115.10.0 Status in mozjs115 package in Ubuntu: Fix Released Bug description: Includes some security fixes The build is fairly quick and the autopkgtest burden should be minimal, probably just gjs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mozjs115/+bug/2061860/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp