GLSA 201402-08 lists all versions < 4.56-r1 of net-misc/stunnel as vulnerable. However, per https://secunia.com/advisories/52460/ only stunnel 4.x is affected: "This vulnerability is reported in versions 4.21 through 4.54." I had already pointed this out in bug 460278 comment 18. The vulnerable features don't exist in stunnel-3*.
the bug about 4.x branch, so, 3 obviously not affected and should not be listed
But the GLSA will warn people using stunnel-3.xx, which is not intended behavior. Fixing now.
Fixed in CVS, thanks for the report.