If you want to keep it/them in the tree, please mask <app-shells/bash-4.2_p37 because of the security bug 431850.
i don't see the point
(In reply to comment #1) > i don't see the point the point is very very easy. The rule is: the maintainer must remove the vulnerable ebuilds from the tree to avoid users that accidentally could install them. If it is a particular case, like bash, if you want to keep it in the tree, you need to mask it, to avoid users that accidentally could install them. What's not clear?
(In reply to Agostino Sarubbo from comment #2) users don't accidentally install older bash. even then, anyone relying on `rbash` as a security solution deserves to be owned. hard rules that don't take into account the realities are stupid rules. we're not dropping old bash versions.
Even if they are slotted now, they are still vulnerable(and they are stable), so, if users are definitely sure to use them - they can unmask them. CCing security@ to this discussion
we're not masking them, although it's moot now that the fix is backported