There's a bug in phpmyadmin that creates the pma user with insecure password, the #200504-30 describes this.. But after the password has been changed, the glsa-check still shows affected. #glsa-check -d 200504-30 Vulnerable: <2.6.2-r1 Unaffected: >=2.6.2-r1 I've installed 2.6.2-r1 and it's still marked with the red "[N]" * dev-db/phpmyadmin Latest version available: 2.6.2-r1 Latest version installed: 2.6.2-r1 Reproducible: Always Steps to Reproduce: 1. 2. 3.
Did you remember to unmerge the old version? (equery list phpmyadmin)
:) sorry, that was the problem..