This bug was fixed in the package chromium-browser - 23.0.1271.97-0ubuntu0.10.04.1 --------------- chromium-browser (23.0.1271.97-0ubuntu0.10.04.1) lucid-security; urgency=low * Omit resources/extension/demo files from any packaging verification because they're unwanted. * Update README.source to include some of these changes. * Make most patches follow a common format (no timestamps), to avoid future churn. * debian/patches/chromium_useragent.patch.in renamed to drop ".in", OS "Ubuntu" hardcoded with no compilation-release name, and patch refreshed to follow new location of source. * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;", to be safer and faster. * Put REMOVED files in parent of "src", to be more certain of avoiding name collisions. * Also don't include python bytecode or cache files in orig tarball, and clean then up on "clean" rule. * Fix dpkg-source warning: Clean up python cached bytecode files. * Fix dpkg-source warning: Remove autoconf cache. * Override lintian complaints ancient-autotools-helper-file and unused-build-dependency-on-cdbs. * debian/patches/arm-neon.patch added to get ARM w/o Neon support. (LP: #1084852) * In debian/rules, avoid creating invalid subst expression in sed of DEBIAN* vars into files. * Remove unnecessary glib-header-single-entry.patch . * Add patches/struct-siginfo.patch to work around source bug in dereferencing internal stuct instead of public type. * New upstream version 23.0.1271.97 - CVE-2012-5139: Use-after-free with visibility events. - CVE-2012-5140: Use-after-free in URL loader. - CVE-2012-5141: Limit Chromoting client plug-in instantiation. - CVE-2012-5142: Crash in history navigation. - CVE-2012-5143: Integer overflow in PPAPI image buffers. - CVE-2012-5144: Stack corruption in AAC decoding. chromium-browser (23.0.1271.95-0ubuntu0.10.04.1) lucid-security; urgency=low [ Micah Gersten