libICE depends on arc4random() as well to generate the session cookies, thereby falling back to the same weak mechanism as libXdmcp (bug 611352).
We will have to check, most Gentoo architectures shouldn't be affected due to
> elibc_glibc? ( dev-libs/libbsd )
libICE-1.0.9-r1 depends on libbsd, but it is not stabilized yet. We will need to do that.
Stabilization will be handled in bug 611056.
Vulnerable versions dropped:
Author: Matt Turner <email@example.com>
Date: Thu Mar 16 09:11:52 2017 -0700
x11-libs/libICE: Drop vulnerable versions.
New GLSA request filed.
This issue was resolved and addressed in
GLSA 201704-03 at https://security.gentoo.org/glsa/201704-03
by GLSA coordinator Kristian Fiskerstrand (K_F).