pure-ftpd-1.0.30 was released containing the following line in its ChangeLog file: - Empty the command-line buffer after switching to TLS. Fixes a flaw similar to Postfix's CVE-2011-0411. pure-ftpd-1.0.30 is in the tree and should be ready for stabilization.
Arches please test and mark stable =net-ftp/pure-ftpd-1.0.30 Target keywords are: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 done
Stable on alpha.
x86 stable
ppc/ppc64 stable
Stable for HPPA.
arm/ia64/sparc stable
Thanks, folks. GLSA Vote: yes.
Vote: YES. New GLSA request filed.
This issue was resolved and addressed in GLSA 201110-25 at http://security.gentoo.org/glsa/glsa-201110-25.xml by GLSA coordinator Tim Sammut (underling).