It is suspected that this package is vulnerable to a security vulnerability in gnulib. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. Please see the information contained in the tracker bug 600518. "If an application using parse_datetime(), such as touch or date, accepted untrusted input, it could cause the application to crash or, potentially, execute arbitrary code."
the fix was included with the 1.28 release which hit the tree in Jul 2014 and went stable in May 2016. there's another security bug that is forcing 1.29 to go stable too.
Was superseded by bug 598334. GLSA for 1.29 was already released. We won't add this issue to the existing GLSA https://security.gentoo.org/glsa/201611-19 because this would require to rewrite the GLSA which we don't do. The severity doesn't require a new one. Repository is clean, all done.
