The mplayer versioning scheme was changed recently (see URL field and bug 175688), with versions of the form 1.0.xxxxxx replaced with 1.0_rc1_pxxxxxxxx. GLSAs 200705-21 and 200707-07 refer to the old scheme, and since the new versions appear lower than the old ones, the GLSAs consider all current ones vulnerable. The lowest version in the tree, 1.0_rc1_p20070622-r1, is equivalent to the old 1.0.20070622-r1, which /is/ marked unaffected by both GLSAs.
Hi, +1 Rumen
fixed in cvs. Since there has never been any vulnerable *_rc1_* ebuild, i just added an "unaffected <mplayer-1.0" that matches all 1.0_rc1 ebuilds until 1.0.