Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1254008

Bug#1109951: unblock: mozjs128/128.13.0-1

From Jeremy Bicha <jbicha@ubuntu.com>
Newsgroups linux.debian.bugs.dist, linux.debian.devel.release
Subject Bug#1109951: unblock: mozjs128/128.13.0-1
Date 2025-07-27 09:50 +0200
Message-ID <Ld4iR-33Sh-5@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Cross-posted to 2 groups.

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Package: release.debian.org
Control: affects -1 + src:mozjs128
X-Debbugs-Cc: mozjs128@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mozjs128
or consider it as a stable update for Debian 13.1

[ Reason ]
New bugfix release

[ Impact ]
mozjs128 is the SpiderMonkey JavaScript engine from Firefox ESR 128.

There were no changes in 128.12, but 3 security fixes in 128.13:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
https://github.com/mozilla-firefox/firefox/commits/esr128/js

mozjs128 is only used by gjs (for GNOME Shell and several GNOME apps)
and cjs (for Cinnamon). Practically, I am not aware of any Firefox
CVEs ever being used to attack the desktop via gjs or cjs. Notably,
debian-security-support says about mozjs128 "Not covered by security
support, only suitable for trusted content". Therefore, updates for
mozjs* are handled via regular updates.

https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support.deb13#L30

[ Tests ]
mozjs128 has a trivial autopkgtest which is passing

I also completed manual testing of all gjs apps as described at
https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

[ Risks ]
mozjs128 is a key package for both GNOME and Cinnamon. Mozilla does a
good job of doing monthly releases with minimal, mostly security
related fixes for the ESR series.

One time a few years ago, a mozjs update broke the gnome-weather app
which was fixed with a simple rebuild of the app.

[ Checklist ]
  [✔️] all changes are documented in the d/changelog
  [✔️] I reviewed all changes and I approve them
  [✔️] attach debdiff against the package in testing

[ Other info ]
There is only one more scheduled 128.x release before the 128 series
reaches End of Life.

https://whattrainisitnow.com/calendar/

unblock mozjs128/128.13.0-1

Thank you,
Jeremy Bícha

Back to linux.debian.bugs.dist | Previous | Next | Find similar

Thread

Bug#1109951: unblock: mozjs128/128.13.0-1 Jeremy Bicha <jbicha@ubuntu.com> - 2025-07-27 09:50 +0200

csiph-web