pure-ftpd-1.0.30 was released containing the following line in its ChangeLog file:
- Empty the command-line buffer after switching to TLS. Fixes a flaw
similar to Postfix's CVE-2011-0411.
pure-ftpd-1.0.30 is in the tree and should be ready for stabilization.
Arches please test and mark stable =net-ftp/pure-ftpd-1.0.30
Target keywords are: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable on alpha.
Stable for HPPA.
Thanks, folks. GLSA Vote: yes.
Vote: YES. New GLSA request filed.
This issue was resolved and addressed in
GLSA 201110-25 at http://security.gentoo.org/glsa/glsa-201110-25.xml
by GLSA coordinator Tim Sammut (underling).
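The ChangeLog entry quoted at the top of this report, as an added example (not pure-ftpd's code and not part of the bug report): a command reader that keeps plaintext bytes received in the same segment as `AUTH TLS`, next to the buffer flush that discards them. The `cmd_reader` struct, every function name and the input bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical line-buffered command reader; not pure-ftpd's code. */
struct cmd_reader {
    char   buf[512];
    size_t len, pos;   /* bytes buffered; offset of the next unread byte */
};
/* Simulates one plaintext read(): everything that arrived is buffered. */
static void feed(struct cmd_reader *r, const char *data) {
    size_t n = strlen(data);
    if (n > sizeof r->buf - r->len) n = sizeof r->buf - r->len;
    memcpy(r->buf + r->len, data, n);
    r->len += n;
}
/* Copies the next CRLF-terminated command into out; returns 1 if one was buffered. */
static int next_line(struct cmd_reader *r, char *out, size_t outsz) {
    for (size_t i = r->pos; i + 1 < r->len; i++) {
        if (r->buf[i] != '\r' || r->buf[i + 1] != '\n') continue;
        size_t n = i - r->pos;
        if (n >= outsz) n = outsz - 1;
        memcpy(out, r->buf + r->pos, n);
        out[n] = '\0';
        r->pos = i + 2;
        return 1;
    }
    return 0;
}
/* Switch to TLS. With flush set, bytes buffered before the handshake are
 * emptied; returns how many plaintext bytes were dropped (worth logging). */
static size_t start_tls(struct cmd_reader *r, int flush) {
    size_t dropped = flush ? r->len - r->pos : 0;
    if (flush) r->len = r->pos = 0;
    return dropped;
}
/* Returns 1 if a command sent before the handshake is still served afterwards. */
static int plaintext_command_survives(int flush) {
    struct cmd_reader r = {0};
    char line[128];
    feed(&r, "AUTH TLS\r\nUSER injected\r\n");   /* constructed: one segment */
    if (!next_line(&r, line, sizeof line) || strcmp(line, "AUTH TLS")) return -1;
    start_tls(&r, flush);
    return next_line(&r, line, sizeof line);   /* read after TLS is active */
}
int main(void) {
    printf("without flush: %d, with flush: %d\n",
           plaintext_command_survives(0), plaintext_command_survives(1));
    return 0;
}
```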