Dunno how serious it is, yet.
dev-java/icedtea bumped (package not stable yet) dev-java/icedtea6-bin building
Looks like I've forgotten to update this bug and get it stable etc. Now superseeded by bug 352035
CVE-2010-3860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860): IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
This issue was resolved and addressed in GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml by GLSA coordinator Mikle Kolyada (Zlogene).