CVE-2011-1431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1431): The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
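A simplified model of the buffering flaw described above, as an added example rather than code from qmail-smtpd.c or the netqmail TLS patch. `struct reader`, `next_line` and `injected_commands` are hypothetical names, the input segments are constructed, and discarding buffered bytes at the STARTTLS switch is an assumed way of restricting the buffering, not taken from the patch.

```c
#include <string.h>

/* Simplified model of a buffered SMTP reader (hypothetical, not qmail's code). */
struct reader {
    char buf[256];   /* bytes already read from the socket */
    size_t len;      /* number of unread bytes in buf */
    int tls_on;      /* set once the TLS handshake has completed */
};

/* Pop one CRLF-terminated line from the buffer; returns 0 when none is left. */
static int next_line(struct reader *r, char *out, size_t outsz) {
    size_t i, n, used, eol = r->len;   /* eol == len means "no CRLF found" */
    for (i = 0; i + 1 < r->len; i++)
        if (r->buf[i] == '\r' && r->buf[i + 1] == '\n') { eol = i; break; }
    if (eol == r->len) return 0;
    n = eol < outsz - 1 ? eol : outsz - 1;
    memcpy(out, r->buf, n);
    out[n] = '\0';
    used = eol + 2;                    /* line plus its CRLF */
    memmove(r->buf, r->buf + used, r->len - used);
    r->len -= used;
    return 1;
}

/* Feed one cleartext segment (constructed input) to the model and count the
 * commands that are processed with tls_on set although they arrived before
 * the handshake. flush_on_starttls = 0 models the flaw, 1 the mitigation. */
int injected_commands(const char *segment, int flush_on_starttls) {
    struct reader r = { .len = 0, .tls_on = 0 };
    char line[128];
    int injected = 0;
    r.len = strlen(segment);
    if (r.len > sizeof r.buf) r.len = sizeof r.buf;   /* clamp to buffer size */
    memcpy(r.buf, segment, r.len);
    while (next_line(&r, line, sizeof line)) {
        if (r.tls_on) { injected++; continue; }  /* cleartext treated as protected */
        if (strcmp(line, "STARTTLS") == 0) {
            if (flush_on_starttls) r.len = 0;    /* discard pre-handshake leftovers */
            r.tls_on = 1;                        /* handshake would happen here */
        }
    }
    return injected;
}
```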
In CVS. Arches, please stabilize (compile-test only, unless you already have a qmail deployment to try it on). Target keywords: alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
Arch teams, please test and mark stable: =mail-mta/netqmail-1.06-r2 Stable KEYWORDS: alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
amd64: ok (builds fine, too difficult to run-test properly)
Stable for HPPA.
arm stable
amd64 stable
x86 stable
alpha stable
ia64 stable
ppc stable
sparc stable
ppc64 stable
s390 stable
sh stable
Timeout on m68k. netqmail-1.06 has had all keywords but m68k dropped; other affected versions have been cleaned. GLSA vote: no.
GLSA vote: no. Closing as [noglsa]