From ${URL} : A number of issues were found in the cryptography practices of EncFS. These are detailed in the following audit: https://defuse.ca/audits/encfs.htm @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Upstream encfs has not released since November 18, 2010. Version 1.7.4 has been in the tree a while but is susceptible to the problems in the audit.
There seems to be new development and a version 1.7.5 at https://vgough.github.io/encfs/ .
The new version is in the tree. Thanks Feix. We should probably stabilize this as it is a security fix: @amd64 and x86, please stabilize =sys-fs/encfs-1.7.5
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
New GLSA request filed
This issue was resolved and addressed in GLSA 201512-09 at https://security.gentoo.org/glsa/201512-09 by GLSA coordinator Yury German (BlueKnight).