Update mozjs102 to 102.13.0

Bug #2026197 reported by Jeremy Bícha
Affects            Status        Importance  Assigned to       Milestone
mozjs102 (Ubuntu)  Fix Released  Undecided   Unassigned
Jammy              Fix Released  Undecided   Marc Deslauriers
Kinetic            Fix Released  Undecided   Marc Deslauriers
Lunar              Fix Released  Undecided   Marc Deslauriers

Bug Description

Impact
------
mozjs102 is the SpiderMonkey JavaScript engine from Firefox ESR. It is used by gjs to power GNOME Shell and some GNOME apps.

There are new Firefox 102 ESR releases monthly until the end of August.
https://whattrainisitnow.com/calendar/

Security Impact
---------------
I looked through
https://github.com/mozilla/gecko-dev/commits/esr102/js
and searched for referenced bug numbers in
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/
and found two CVEs
CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-37211: Memory safety bugs

Test Case
---------
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

Additionally, mozjs102 has build tests. mozjs102 does not have autopkgtests of its own but it triggers the gjs autopkgtests.

Security Sponsoring
-------------------
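# pull-lp-source is provided by ubuntu-dev-tools
sudo apt install git-buildpackage ubuntu-dev-tools

# Enter the new directory so the later "cd .." and --git-tarball-dir=../tarballs resolve correctly
mkdir tarballs; cd tarballs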
pull-lp-source mozjs102 mantic
# That avoids needing to recreate the original tarball from pristine-tar which takes a while. Also, running lintian takes a while.
cd ..
gbp clone https://salsa.debian.org/gnome-team/mozjs
cd mozjs
git checkout ubuntu/102/lunar
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

git checkout ubuntu/102/kinetic
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

git checkout ubuntu/102/jammy
gbp buildpackage --git-builder="debuild --no-lintian -S -nc" --git-tarball-dir=../tarballs

Initial Testing Done
--------------------
I built the package locally.
I installed the library package on Ubuntu 23.04 and successfully completed the Test Case.

Other Info
----------
It is believed that the only thing using mozjs102 in Ubuntu 22.04 LTS is actually cjs in Linux Mint 21.2 (in Beta testing). It has been proposed to switch Ubuntu's gjs to use it there also but that is currently on hold (benefit/risk analysis). See LP: #1993214

Jeremy Bícha (jbicha)
description: updated
Changed in mozjs102 (Ubuntu Jammy):
status: New → Confirmed
Changed in mozjs102 (Ubuntu Kinetic):
status: New → Confirmed
Changed in mozjs102 (Ubuntu Lunar):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mozjs102 - 102.13.0-1

---------------
mozjs102 (102.13.0-1) unstable; urgency=high

  * New upstream release (LP: #2026197)
    - CVE-2023-37202: Potential use-after-free from compartment mismatch
      in SpiderMonkey
    - CVE-2023-37211: Memory safety bugs

 -- Jeremy Bícha <email address hidden> Wed, 05 Jul 2023 09:05:35 -0400

Changed in mozjs102 (Ubuntu):
status: Fix Committed → Fix Released
Changed in mozjs102 (Ubuntu Jammy):
status: Confirmed → In Progress
Changed in mozjs102 (Ubuntu Kinetic):
status: Confirmed → In Progress
Changed in mozjs102 (Ubuntu Lunar):
status: Confirmed → In Progress
Changed in mozjs102 (Ubuntu Jammy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mozjs102 (Ubuntu Kinetic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mozjs102 (Ubuntu Lunar):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mozjs102 - 102.13.0-0ubuntu0.23.04.1

---------------
mozjs102 (102.13.0-0ubuntu0.23.04.1) lunar-security; urgency=medium

  * New upstream release (LP: #2026197)
    - CVE-2023-37202: Potential use-after-free from compartment mismatch
      in SpiderMonkey
    - CVE-2023-37211: Memory safety bugs

 -- Jeremy Bícha <email address hidden> Thu, 06 Jul 2023 07:12:35 -0400

Changed in mozjs102 (Ubuntu Lunar):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mozjs102 - 102.13.0-0ubuntu0.22.10.1

---------------
mozjs102 (102.13.0-0ubuntu0.22.10.1) kinetic-security; urgency=medium

  * New upstream release (LP: #2026197)
    - CVE-2023-37202: Potential use-after-free from compartment mismatch
      in SpiderMonkey
    - CVE-2023-37211: Memory safety bugs

 -- Jeremy Bícha <email address hidden> Thu, 06 Jul 2023 07:11:52 -0400

Changed in mozjs102 (Ubuntu Kinetic):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mozjs102 - 102.13.0-0ubuntu0.22.04.1

---------------
mozjs102 (102.13.0-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * New upstream release (LP: #2026197)
    - CVE-2023-37202: Potential use-after-free from compartment mismatch
      in SpiderMonkey
    - CVE-2023-37211: Memory safety bugs

 -- Jeremy Bícha <email address hidden> Thu, 06 Jul 2023 07:10:18 -0400

Changed in mozjs102 (Ubuntu Jammy):
status: In Progress → Fix Released