22853 – mozjs52 new security issues fixed in 52.7.2

Bug 22853 - mozjs52 new security issues fixed in 52.7.2

Summary: mozjs52 new security issues fixed in 52.7.2

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA7-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2018-03-31 22:27 CEST by David Walser
Modified:	2020-06-10 23:40 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	mozjs52-52.3.0-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-03-31 22:27:10 CEST

Fedora has issued an advisory on March 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OBUZFVT55UJWHQEDNYUBCZSW6HVQC6VW/

The issues are fixed in 52.7.2.

David Walser 2018-05-04 08:40:46 CEST

Status comment: (none) => Fixed upstream in 52.7.2

David Walser 2019-06-23 19:29:52 CEST

Whiteboard: (none) => MGA7TOO

Comment 1 Nicolas Lécureuil 2020-05-29 02:09:46 CEST

fixed in cauldron, the version is 52.9.0esr

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
CC: (none) => mageia

Comment 2 David Walser 2020-05-29 03:02:50 CEST

Updated package uploaded by Nicolas.

Advisory:
========================

The mozjs52 package has been updated to version 52.9.0, including all of the
latest bug and security fixes from the 52 ESR branch.

References:
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OBUZFVT55UJWHQEDNYUBCZSW6HVQC6VW/
========================

Updated packages in core/updates_testing:
========================
libmozjs52-52.9.0-1.mga7
libmozjs52-devel-52.9.0-1.mga7

from mozjs52-52.9.0-1.mga7.src.rpm

CC: (none) => thierry.vignaud
Assignee: thierry.vignaud => qa-bugs
Status comment: Fixed upstream in 52.7.2 => (none)

Comment 3 Herman Viaene 2020-05-29 15:21:22 CEST

MGA7-64 Plasma on Lenovo B50
No installation issues
# urpmq --whatrequires lib64mozjs52
lib64cjs0
lib64mozjs52
Not much help.
I propose OK on clean install as other java stuff.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2020-05-30 15:39:59 CEST

OK by me. Somebody correct us if we are wrong. Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Nicolas Lécureuil 2020-06-10 22:37:05 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2020-06-10 23:40:29 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2020-0138.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.