Dunno how serious it is, yet.
dev-java/icedtea bumped (package not stable yet)
Looks like I've forgotten to update this bug and get it stable etc. Now superseeded by bug 352035
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as
based on OpenJDK 6, declares multiple sensitive variables as public, which
allows remote attackers to obtain sensitive information including (1)
user.name, (2) user.home, and (3) java.home system properties, and other
sensitive information such as installation directories.
This issue was resolved and addressed in
GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml
by GLSA coordinator Mikle Kolyada (Zlogene).