Your message dated Sun, 27 Jul 2025 07:54:25 +0000 with message-id <E1ufwDB-00GwsU-0Z@respighi.debian.org> and subject line unblock mozjs128 has caused the Debian Bug report #1109951, regarding unblock: mozjs128/128.13.0-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1109951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109951 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: mozjs128/128.13.0-1
- From: Jeremy Bicha <jbicha@ubuntu.com>
- Date: Sun, 27 Jul 2025 09:24:23 +0200
- Message-id: <[🔎] CAAajCMZBQ=uQJ4GyrUHzggLdKp3YGbcvwn1pd77gTz6sb35OWw@mail.gmail.com>
Package: release.debian.org Control: affects -1 + src:mozjs128 X-Debbugs-Cc: mozjs128@packages.debian.org User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package mozjs128 or consider it as a stable update for Debian 13.1 [ Reason ] New bugfix release [ Impact ] mozjs128 is the SpiderMonkey JavaScript engine from Firefox ESR 128. There were no changes in 128.12, but 3 security fixes in 128.13: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/ https://github.com/mozilla-firefox/firefox/commits/esr128/js mozjs128 is only used by gjs (for GNOME Shell and several GNOME apps) and cjs (for Cinnamon). Practically, I am not aware of any Firefox CVEs ever being used to attack the desktop via gjs or cjs. Notably, debian-security-support says about mozjs128 "Not covered by security support, only suitable for trusted content". Therefore, updates for mozjs* are handled via regular updates. https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support.deb13#L30 [ Tests ] mozjs128 has a trivial autopkgtest which is passing I also completed manual testing of all gjs apps as described at https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs [ Risks ] mozjs128 is a key package for both GNOME and Cinnamon. Mozilla does a good job of doing monthly releases with minimal, mostly security related fixes for the ESR series. One time a few years ago, a mozjs update broke the gnome-weather app which was fixed with a simple rebuild of the app. [ Checklist ] [✔️] all changes are documented in the d/changelog [✔️] I reviewed all changes and I approve them [✔️] attach debdiff against the package in testing [ Other info ] There is only one more scheduled 128.x release before the 128 series reaches End of Life. https://whattrainisitnow.com/calendar/ unblock mozjs128/128.13.0-1 Thank you, Jeremy BíchaAttachment: mozjs128_128.13.0-1.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: 1109951-done@bugs.debian.org
- Subject: unblock mozjs128
- From: Sebastian Ramacher <sramacher@respighi.debian.org>
- Date: Sun, 27 Jul 2025 07:54:25 +0000
- Message-id: <E1ufwDB-00GwsU-0Z@respighi.debian.org>
Unblocked.
--- End Message ---