See http://www.securityfocus.com/bid/8483 (includes patch). Reproducible: Always Steps to Reproduce:
The Gentoo ebuild already contains the proposed fix. Gentoo is therefore NOT directly affected. Sorry.
I fixed this bug a while ago. What kinda bothers me is Zone-H taking credit for discovering this bug, they did nothing of the sort as this bug was known already to deb,redhat,gentoo as one can tell by the dates in all our bug tracking systems. Please see bug #24860 for more details on the whois buffer overflow and see why the author refuses to fix the software. *** This bug has been marked as a duplicate of 24860 ***