The file /etc/nullmailer/remotes contains plaintext passwords to remote smtp severs. I think it would be a good idea to install it with more restrictive permissions. I tried with root:nullmail / 0640 and it seems that everything works without any issues. The ebuild for mail-mta/ssmtp does a similar thing for its equivalent file. Here's the relevant snippet from that ebuild:
if ! use prefix; then
fowners root:ssmtp /etc/ssmtp/ssmtp.conf
fperms 640 /etc/ssmtp/ssmtp.conf
This becomes a security bug from now, thanks for the report
Arches, please stabilize nullmailer-1.11-r2.
amd64 ppc x86
Thanks for your work
GLSA vote: no
+*nullmailer-1.13-r2 (25 Sep 2013)
+ 25 Sep 2013; Justin Lecher <email@example.com> -nullmailer-1.11.ebuild,
+ -nullmailer-1.11-r1.ebuild, nullmailer-1.11-r2.ebuild,
+ nullmailer-1.11-r3.ebuild, -nullmailer-1.13.ebuild,
+ -nullmailer-1.13-r1.ebuild, +nullmailer-1.13-r2.ebuild,
+ Drop old vulnerable versions, #480376; respect AR, #480394; make paludis
+ happy, #462846 thanks Thomas Witt for the patch; fix broken openrc
+ initscript, #480354
Removed all versions in question.
GLSA vote: no. Closing noglsa.