CVE-2012-2146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2146): Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.
revbumped with security patch CVE-2012-2146 added to files, dev-python/elixir $ ebuild elixir-0.7.1-r1.ebuild clean install running install_scripts >>> Completed installing elixir-0.7.1-r1 into /mnt/gen2/TmpDir/portage/dev-python/elixir-0.7.1-r1/image/ runs fine
(In reply to comment #1) > revbumped with security patch CVE-2012-2146 added to files, > > dev-python/elixir $ ebuild elixir-0.7.1-r1.ebuild clean install > running install_scripts > >>> Completed installing elixir-0.7.1-r1 into /mnt/gen2/TmpDir/portage/dev-python/elixir-0.7.1-r1/image/ > > runs fine Thanks, Ian. Please don't forget to drop the vulnerable version. Closing noglsa for ~arch only.
