A critical access bypass was reported for drupal versions <8.2.8 and <8.3.1, as per drupal advisory: DRUPAL-SA-CORE-2017-002. Drupal 7 is *not* affected. From the advisory: This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met: The site has the RESTful Web Services (rest) module enabled. The site allows PATCH requests. An attacker can get or register a user account on the site. Fixed versions are already in the tree and the affected versions were dropped. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86d31afe3bd4ba200886e7791071bc7d63099741
Repository is clean, no stable package was affected. All done! Maintainer(s), thank you for your work.