From secunia security advisory at $URL:
A security issue has been reported in PHP, which can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to the "crypt()" function only returning the salt when generating salted MD5 hashes and may render e.g. authentication mechanisms relying on the correctness of the "crypt()" function ineffective.
The security issue is reported in version 5.3.7.
The fix is in their svn repo.
A new release from PHP is expected tomorrow, so I expect to have an ebuild by wednesday.
Please see bug #376735
Sorry, that should have been bug #372745
adding bug 372745 as a depend as Tim suggest.
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the
value of the salt argument instead of the hashed string, which might allow
remote attackers to bypass authentication via an arbitrary password, a
different vulnerability than CVE-2011-2483.
Fixed in 5.3.8, which is already stable by now. 5.3.7 wasn't stable, but nevertheless added to the GLSA draft now.
This issue was resolved and addressed in
GLSA 201110-06 at http://security.gentoo.org/glsa/glsa-201110-06.xml
by GLSA coordinator Tobias Heinlein (keytoaster).