Ubuntu
chromium-browser package

  1. Oneiric (11.10)
  2. Bug #803107
  3. Comment #12

Comment 12 for bug 803107

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 12.0.742.112~r90304-0ubuntu0.11.04.1

---------------
chromium-browser (12.0.742.112~r90304-0ubuntu0.11.04.1) natty-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.
 -- Micah Gersten <email address hidden> Thu, 30 Jun 2011 12:52:08 +0100