It's the only package depending on an old (and vulnerable) version of commons-httpclient. See bug 442292. I've got the bump ready for commit.

Reproducible: Always
+*jldap-4.6 (05 Jul 2015) + + 05 Jul 2015; Patrice Clement <monsieurp@gentoo.org> + +files/jldap-4.6-Debug.java.patch, +files/jldap-4.6-build.xml.patch, + +jldap-4.6.ebuild, metadata.xml: + Version bump. EAPI 5 bump. dev-java/commons-httpclient SLOT bump. Fix bug + 442292 and bug 554030. Let's stabilise it while at it so that we can clean up the old version and get rid of the vulnerable version of commons-httpclient.
+ 05 Jul 2015; Patrice Clement <monsieurp@gentoo.org> jldap-4.6.ebuild: + Stable for amd64. Stable for x86 with ALLARCHES. Fix bug 554030. +
+ 05 Jul 2015; Patrice Clement <monsieurp@gentoo.org> + -files/200603-javac.xml.patch, -jldap-20060300.ebuild: + Remove old. +
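Review bot: the stabilisation entry for jldap-4.6.ebuild ("Stable for amd64. Stable for x86 with ALLARCHES. Fix bug 554030.") is dated 05 Jul 2015, the same day as the version bump, and cites only bug 554030. Since this stabilisation is what lets the "Remove old" entry drop jldap-20060300.ebuild and with it the dependency on the vulnerable commons-httpclient, the entry should say so and reference bug 442292 as well, so the reason for the same-day stabilisation is recorded next to it.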