This bug was fixed in the package chromium-browser - 9.0.597.94~r73967-0ubuntu0.10.10.1
--------------- chromium-browser (9.0.597.94~r73967-0ubuntu0.10.10.1) maverick-security; urgency=high * New upstream release from the Stable Channel (LP: #715357) This release fixes the following security issues: - [67234] High, Stale pointer in animation event handling. Credit to Rik Cabanier. - [68120] High, Use-after-free in SVG font faces. Credit to miaubiz. - [69556] High, Stale pointer with anonymous block handling. Credit to Martin Barbella. - [69970] Medium, Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google. - [70456] Medium, Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC. * Update the gl dlopen patch to search for libGLESv2.so.2 instead of .1 - update debian/patches/dlopen_sonamed_gl.patch -- Fabien Tassin <f...@ubuntu.com> Tue, 08 Feb 2011 20:18:51 +0100 ** Changed in: chromium-browser (Ubuntu Maverick) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/715357 Title: 9.0.597.84 -> 9.0.597.94 upgrade -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs