[Desktop-packages] [Bug 2083344] Re: Update oracular to new mozjs releases

Wed, 02 Oct 2024 07:55:40 -0700 

This bug was fixed in the package mozjs128 - 128.3.0-1

---------------
mozjs128 (128.3.0-1) unstable; urgency=high

  * New upstream release (LP: #2083344)
    - CVE-2024-9396 Potential memory corruption when cloning certain objects
    - CVE-2024-9400 Potential memory corruption during JIT compilation
    - CVE-2024-9402 Memory safety bugs
  * Remove libatomic patch applied in new release
  * Revert "Add -latomic to LDFLAGS to try to fix armel build"

 -- Jeremy Bícha <jbi...@ubuntu.com>  Tue, 01 Oct 2024 11:46:49 -0400

** Changed in: mozjs128 (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-9396

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-9400

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-9402

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to mozjs115 in Ubuntu.
https://bugs.launchpad.net/bugs/2083344

Title:
  Update oracular to new mozjs releases

Status in mozjs115 package in Ubuntu:
  Fix Released
Status in mozjs128 package in Ubuntu:
  Fix Released

Bug description:
  Impact
  ------
  Mozilla released new security updates today. I have compared the security 
advisories with the somewhat stripped down source code we build with and 
mentioned fixed security vulnerabilities in debian/changelog.

  https://www.mozilla.org/en-US/security/advisories/mfsa2024-47/ mozjs128
  https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/ mozjs115
  https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/ mozjs115

  Other Info
  ----------
  mozjs is the JavaScript engine from Firefox ESR. Mozilla provides security 
updates for an ESR series for about a year.

  In an exceptional move, Mozilla has extended security support for the
  115 series through March 2025 for old Windows and macOS users only.
  However, the source code is still provided so we continue packaging
  the security updates.

  mozjs128 is used by gjs which powers GNOME Shell and several GNOME apps.
  mozjs115 is currently used by cjs which powers Cinnamon.

  https://whattrainisitnow.com/calendar/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mozjs115/+bug/2083344/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to