This bug was fixed in the package chromium-browser -
7.0.517.44~r64615-0ubuntu1
---------------
chromium-browser (7.0.517.44~r64615-0ubuntu1) natty; urgency=high
* New upstream Major release from the Stable Channel (LP: #671420), also
fixing the following security issues:
- [51602] High, Use-after-free in text editing. Credit to David Bloom of
the Google Security Team, Google Chrome Security Team (Inferno) and
Google Chrome Security Team (Cris Neckar).
- [55257] High, Memory corruption with enormous text area. Credit to wushi
of team509.
- [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc.
- [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang
Minh from Bkis (www.bkis.com).
- [58741] High, Use-after-free in text control selections. Credit to
“vkouchna”.
- [59320] High, Integer overflows in font handling. Credit to Aki Helin of
OUSPG.
- [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl.
- [60238] High, Bad use of destroyed frame object. Credit to various
developers, including “gundlach”.
- [60327] [60769] [61255] High, Type confusions with event objects. Credit
to “fam.lam” and Google Chrome Security Team (Inferno).
- [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi
of team509.
* Work-around a gcc 4.5 miscompilation bug causing a regression in the
omnibar, breaking searches (LP: #664584)
- add debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
-- Fabien Tassin <f...@ubuntu.com> Thu, 04 Nov 2010 20:53:09 +0100
** Changed in: chromium-browser (Ubuntu Natty)
Status: Fix Committed => Fix Released
--
7.0.517.41~r62167 -> 7.0.517.44~r64615 security update
https://bugs.launchpad.net/bugs/671420
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
