CVE-2009-2555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2555): Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
voyageur: I'm not sure about the versioning of chrome/chromium, or where I can search for info; can you have a look? Adding phajdan (see #279818), so he can have a look, too ;)
CVE-2009-2555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2555): Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
CVE-2009-2556 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2556): Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
CVE-2009-2578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2578): Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
Versions 2.0.172.x are branched off trunk at revision 12881. It seems that the ebuild versions of chromium-bin contain the revision number from the repository. I checked which V8 was in the earliest one, at revision 21377. V8 was from the 1.2 branch at that point. Also, the version for the builds in range included in ebuilds is like 3.x. I would say - unaffected. And even if it was affected, I would vote for no GLSA. People should not rely on trunk versions for security.
A GLSA wouldn't be written as there are only unstable (and hardmasked) versions.
Indeed chromium-bin revision is based on revision number (I wonder if it may be worth switching to a google-chrome-bin ebuild, now that they are available). So no problem on this one (for chromium-bin at least).
Thanks! Closing noglsa.