Phoronix.com did a very poor job explaining this; they made it look like the bug was keyed to their brand.
Actual bug is any valid first letter(s) of the password are sufficient for authentication.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195