Bug 524104 - dev-util/android-tool - Android platform tools (adb and fastboot) from official google git repo [+ebuild]
Status: RESOLVED DUPLICATE of bug 500480
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Development
Hardware: All Linux
Importance: Normal enhancement
Assignee: Gentoo Linux bug wranglers
URL: https://github.com/init6/init_6/tree/...
Reported: 2014-09-30 11:09 UTC by Andrey Ovcharov
Modified: 2014-09-30 19:07 UTC

Description Andrey Ovcharov 2014-09-30 11:09:52 UTC
Currently dev-util/android-tools::gentoo is affected by "CVE-2014-1909 android-tools: stack-based buffer overflow flaw in Android Debug Bridge (ADB) client" (Gentoo bug https://bugs.gentoo.org/show_bug.cgi?id=500480).

Gentoo uses android-tools-20130123git98d0789-2.fc20.src.rpm (git commit "98d0789772b94b9b0c2aecfab74dc1a9283a91b1"), an old snapshot from Fedora, and there have been no updates since that time.

But CVE-2014-1909 was fixed at git commit "b49bb5236637b35d20c97e10921e33cf9db39be8" on branch "android-4.2.1_r1.2" four months ago (!!!). For details, see https://bugzilla.novell.com/show_bug.cgi?id=863074

Diff from git commit "98d0789772b94b9b0c2aecfab74dc1a9283a91b1" to branch "android-4.2.1_r1.2" (not affected by CVE-2014-1909), git commit "b49bb5236637b35d20c97e10921e33cf9db39be8": https://android.googlesource.com/platform/system/core/+/98d0789772b94b9b0c2aecfab74dc1a9283a91b1..b49bb5236637b35d20c97e10921e33cf9db39be8/

Diff from git commit "b49bb5236637b35d20c97e10921e33cf9db39be8" to branch "android-4.4_r1.2", git commit "3e453498083d3caa38f25d0ba6cc7c9829010bbc": https://android.googlesource.com/platform/system/core/+/98d0789772b94b9b0c2aecfab74dc1a9283a91b1..3e453498083d3caa38f25d0ba6cc7c9829010bbc/

Reproducible: Always

Steps to Reproduce:
1. emerge --sync
2. emerge dev-util/android-tools::gentoo
3. 
Actual Results:  
You are affected by CVE-2014-1909 and get an old adb and fastboot

Expected Results:  
Not affected by CVE-2014-1909; updated versions of adb and fastboot

My ebuild uses branch "android-4.4_r1.2" (git commit "3e453498083d3caa38f25d0ba6cc7c9829010bbc") and gets all sources from git. It is more likely that it should be named *9999.ebuild, but I do not know how to do this more correctly in this case.

Perhaps it is necessary to make our own snapshot and use it?
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-09-30 19:07:37 UTC

*** This bug has been marked as a duplicate of bug 500480 ***