Version 3.1.1 of net-ftp/filezilla was released yesterday. I know that I should wait at least 48 hours before filing the bug and choose the 'enhancement' severity, but the latest version of the package present in Portage (3.1.0) is (somewhat) vulnerable. The homepage of the software claims that an attacker could cause an SSL/TLS'd connection to close (if I understand correctly), and states that all versions <3.1.0.1 are affected. Btw, I just renamed the latest ebuild and the package compiles and runs successfully.
Why do they always choose to find those bugs when I'm on holidays? ;) Thanks for the report, I've bumped to 3.1.1.1 (fixes a possible crash), and removed older ~arch ebuilds.