original advisory : http://sourceforge.net/project/shownotes.php?release_id=415350 SA19987 : Description: A security issue has been reported in vpopmail, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error within the handling of SMTP AUTH and APOP password authentication. This can be exploited to authenticate to the mail server using a blank password. Successful exploitation requires that cleartext password authentication is enabled and that the account does not have a cleartext password set. The security issue has been reported in versions 5.4.14 and 5.4.15. Prior versions may also be affected. Solution: The security issue has been fixed in development version 5.4.16.
5.4.16 is available correcting the issue, please provide a new ebuild :)
Commited to tree, Go ahead and mark stable.
stable on x86
da sparc stable.
stable on hppa
amd64 done.
ppc stable
ready for glsa-vote. tend to say no.
I tend to vote NO too.
same, i tend to vote no
Voting no and closing.