Hi, hostapd 2.8 release has been issued soon after CVE-2019-11555 fix has been implemented. Upstream security advisory: http://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt Unfortunately I haven't followed hostapd release announcements so it's been sitting unpackaged for two months. Just recently a verbump request https://bugs.gentoo.org/688588 was raised. One day ago I have added the new version to the tree. This timeline actually gives me some hope that the 2.8 release is pretty good for stabilization, as there were no corrective minor releases since then.
amd64 stable
x86 stable
ppc stable
arm64 stable
arm stable