UbuntuUpdates.org

Package "libmozjs-52-0"

Name: libmozjs-52-0

Description:

SpiderMonkey JavaScript library

Latest version: 52.9.1-0ubuntu0.18.04.1
Release: bionic (18.04)
Level: updates
Repository: main
Head package: mozjs52
Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey

Links


Download "libmozjs-52-0"


Other versions of "libmozjs-52-0" in Bionic

Repository Area Version
base main 52.3.1-7fakesync1
security main 52.9.1-0ubuntu0.18.04.1

Changelog

Version: 52.9.1-0ubuntu0.18.04.1 2018-08-22 11:06:48 UTC

  mozjs52 (52.9.1-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple memory safety issues
    - CVE-2018-5188

  * Update to 52.9.1esr
  * Run dh_autoreconf
    - add debian/autogen.sh
    - update debian/rules
    - remove debian/patches/pre-generate-old-configure.patch
    - update debian/patches/series
  * Drop obsolete configure flags
    - update debian/rules
    - remove debian/patches/include-configure-script.patch
    - update debian/patches/series

 -- Chris Coulson <email address hidden> Tue, 21 Aug 2018 18:41:30 +0100

Source diff to previous version

Version: 52.8.1-0ubuntu0.18.04.1 2018-06-19 16:07:00 UTC

  mozjs52 (52.8.1-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple memory safety issues
    - CVE-2017-7810, CVE-2017-7826, CVE-2018-5089, CVE-2018-5125,
      CVE-2018-5150

  * Update to 52.8.1esr
  * Drop patches that are fixed upstream
    - remove debian/patches/remove-nspr-dependency.patch
    - remove debian/patches/tests-skip-on-all-64-bit-archs.patch
    - update debian/patches/series
  * Refresh patches
    - update debian/patches/include-configure-script.patch - the
      configure script is included in the tarball now. This patch should
      probably be renamed to something more appropriate
    - update debian/patches/pre-generate-old-configure.patch - a pre-generated
      old-configure script is included in the tarball now, although the one
      generated by js/src/make-source-package.sh includes the wrong aclocal.m4
      and doesn't work, so regenerate it again with the correct aclocal.m4
  * Move pre-generate-old-configure.patch to after
    Allow-to-override-ICU_DATA_FILE-from-the-environment.patch and drop
    Patch-pregenerated-old-configure-to-match-build-autoconf-.patch
    - update debian/patches/series
    - remove debian/patches/Patch-pregenerated-old-configure-to-match-build-autoconf-.patch
    - update debian/patches/pre-generate-old-configure.patch to refresh old-configure
  * Don't build-depend on libicu-dev - the bundled ICU is used and the
    distro ICU package ships the layout engine API since 60.2, which
    causes intl/icu_sources_data.py to fail due to source files excluded from
    the Mozilla source

 -- Chris Coulson <email address hidden> Mon, 11 Jun 2018 18:00:08 +0100

CVE-2017-7810 Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with
CVE-2017-7826 Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with
CVE-2018-5089 Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with
CVE-2018-5125 Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with
CVE-2018-5150 Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and w



About   -   Send Feedback to @ubuntu_updates