CVE-2007-1558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558): The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other products.
Will commit ebuilds tomorrow.
Arches, please test and mark stable: =app-admin/eselect-ruby-20081227 =dev-lang/ruby-1.8.6_p368 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
ppc64 done
ppc done
Stable on alpha.
x86 stable
arm/ia64/s390/sh/sparc stable
amd64 done.
Stable for HPPA.
All the other bugs for this CVE got "noglsa", don't think that ruby is so special to warrant one. Thanks everyone.