Seems like the vulnerability is in jcodings, which is stable, but jruby not. I'm not sure if/how it can manifest in jcodings itself, or other reverse dependencies (which are however also jruby-related), besides through jruby.
Reverse DEPEND for dev-java/jcodings: dev-java/bytelist-1.0.2 dev-java/joni-1.1.3 dev-java/jruby-1.3.1-r1 dev-java/jruby-1.4.0-r4 dev-java/jruby-1.4.0-r5 dev-java/jruby-1.4.0-r6 dev-java/jvyamlb-0.2.5
OK, bumped both jcodings and jruby (which was probably not necessary, but rather to avoid confusion) with updated dependency.
Arches please stabilize:
=dev-java/jcodings-1.0.4 builds fine on x86. Tested rdeps =dev-java/bytelist-1.0.2, =dev-java/joni-1.1.3 and =dev-java/jvyamlb-0.2.5 (jruby is not stable).
I don't know how to really test this, but the test suites of bytelist and jvyamlb didn't give any problems. I guess this is fine then.
Please mark =dev-java/jcodings-1.0.4 stable for x86.
x86 stable, thanks Myckel
amd64 stable, all arches done.