genkernel still installs busybox-1.20.2. Lots of bugs have been fixed since, including bug #461372.
This bug should block bug 515246 and or 515254 because the version bundled with genkernel is affected by CVE-2014-4607.
Almost all of the bundled programs that genkernel ships with distfiles for are out of date. The versions of busybox and LVM aren't even in portage anymore.
Bug has been closed via the following commit: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed4c4b10e62a57129bb7da924f850e65bdf47b71 commit ed4c4b10e62a57129bb7da924f850e65bdf47b71 Author: Robin H. Johnson <robbat2@gentoo.org> AuthorDate: 2017-09-03 06:34:32 +0000 Commit: Robin H. Johnson <robbat2@gentoo.org> CommitDate: 2017-09-03 06:44:08 +0000 sys-kernel/genkernel: bump, lots of improvements - Improvements to the bincache system. - Updates initramfs tools to ensure they compile on ~arch glibc. -- busybox 1.27.2 -- mdadm 4.0 -- lvm 2.02.173 -- gpg 1.4.22 The following not well tested with new glibc at this time: - dmraid - fuse - iscsi - unionfs-fuse Closes: https://bugs.gentoo.org/442078 Closes: https://bugs.gentoo.org/524346 Closes: https://bugs.gentoo.org/596540 Closes: https://bugs.gentoo.org/627398 Closes: https://bugs.gentoo.org/628020 Closes: https://bugs.gentoo.org/609342 Package-Manager: Portage-2.3.6, Repoman-2.3.3 sys-kernel/genkernel/Manifest | 5 + sys-kernel/genkernel/genkernel-3.5.2.0.ebuild | 165 ++++++++++++++++++++++++++ sys-kernel/genkernel/genkernel-9999.ebuild | 17 +-- 3 files changed, 179 insertions(+), 8 deletions(-)