Bug 618250 (CVE-2017-7483) - <x11-terms/rxvt-2.7.10-r5: stabilization request for overflow bug (CVE-2017-7483)
Summary: <x11-terms/rxvt-2.7.10-r5: stabilization request for overflow bug (CVE-2017-7...
Status: RESOLVED WONTFIX
Alias: CVE-2017-7483
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization
Hardware: All Linux
Importance: Normal normal
Deadline: 2017-06-17
Assignee: Jason A. Donenfeld
URL: http://seclists.org/oss-sec/2017/q2/185
Whiteboard: B3 [noglsa cve cleanup+]
Keywords: PMASKED
Depends on:
Blocks:
Reported: 2017-05-11 20:05 UTC by Jason A. Donenfeld
Modified: 2017-06-22 01:32 UTC

See Also:
Package list:
Runtime testing required: ---


Description Jason A. Donenfeld gentoo-dev 2017-05-11 20:05:33 UTC
I committed x11-terms/rxvt-2.7.10-r5 to the tree and immediately stabilized it, as it has no maintainer, and the patch is exceedingly simple and makes zero architecture-specific changes. The patch is a fix for CVE-2017-7483. This bug is to inform the archs about this stabilization change, as well as for the security project to track this particular security-sensitive change.

I left x11-terms/rxvt-2.7.10-r4 in the tree for the time being. If somebody from arches can confirm that, while somewhat out of the standard procedure, this isn't an entirely horrible change, then I'll go ahead and remove the old (vulnerable) ebuild.
Comment 1 Jason A. Donenfeld gentoo-dev 2017-05-11 20:07:49 UTC
Assigning this bug to myself, since the package has no maintainer, and I've thus far made the ebuild changes. If somebody from archs would like to take ownership of this, however, feel free to do so.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-05-12 04:31:59 UTC
Jason, thank you.

Added ago so he could take a look. Also, based on email, we could drop the package as well, and just add to the GLSA to replace with rxvt-unicode, as resolution.
Comment 3 Jason A. Donenfeld gentoo-dev 2017-05-16 21:21:56 UTC
As announced on gentoo-dev, this package has now been masked for removal in 30 days: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c50296e8e46086273f5d02e7a2a55e8b66f0d547
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-06-17 08:40:45 UTC
commit 9b7fbeb61d5c854a023c8e45a5184afa7f6f7997
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: Sat Jun 17 10:24:57 2017
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: Sat Jun 17 10:39:58 2017

    x11-terms/rxvt: Remove last-rited pkg, #618250
Comment 5 deference 2017-06-17 19:00:48 UTC
I can't tell if you have actually removed this package yet. But it is worthwhile pointing out that its lack of support for UTF-8 makes it an ideal candidate for testing CLI programs' portability to a locale of C or UTF-8 in the presence of a non-UTF-8 aware terminal.
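As an added illustration of the testing scenario in the comment above (example code written for this page, not from the bug report, Gentoo, or the rxvt project): a CLI program that wants to survive both a C/POSIX locale and a terminal that cannot render UTF-8 should pick its glyphs from the output encoding rather than hard-coding Unicode, and should never let an encoding failure crash it. The glyph table, function names and sample messages below are constructed for the example.

```python
# Added example: locale-aware output for a CLI program so it stays readable
# under LANG=C or inside a non-UTF-8 terminal. Names and sample strings are
# constructed for illustration, not taken from the bug report.
import codecs
import locale
import sys

# Glyph table: Unicode form first, plain-ASCII fallback second (constructed).
GLYPHS = {
    "ok": ("\u2713", "OK"),        # check mark
    "fail": ("\u2717", "FAIL"),    # ballot x
    "arrow": ("\u2192", "->"),     # rightwards arrow
    "bullet": ("\u2022", "*"),     # bullet
}


def encoding_is_unicode(encoding):
    """True when the codec can represent all of Unicode (UTF-8/16/32).

    Unknown codec names count as non-Unicode so the caller falls back to
    ASCII instead of crashing on a misconfigured locale.
    """
    try:
        name = codecs.lookup(encoding).name
    except LookupError:
        return False
    return name.startswith("utf-")


def detect_output_encoding(stream=None):
    """Encoding the program should emit on `stream` (default: stdout).

    A text stream normally carries the encoding Python derived from the
    locale (ANSI_X3.4-1968 under LANG=C, UTF-8 under a UTF-8 locale); when
    the stream has none, fall back to the locale's preferred encoding.
    """
    stream = stream or sys.stdout
    enc = getattr(stream, "encoding", None)
    if not enc:
        enc = locale.getpreferredencoding(False) or "ascii"
    return enc


def glyph(name, encoding):
    """Return the Unicode glyph if the terminal encoding can carry it, else ASCII."""
    uni, ascii_form = GLYPHS[name]
    return uni if encoding_is_unicode(encoding) else ascii_form


def render_line(status, message, encoding):
    """Build one status line, e.g. 'OK -> message' or '\u2713 \u2192 message'."""
    return "%s %s %s" % (glyph(status, encoding), glyph("arrow", encoding), message)


def safe_encode(text, encoding):
    """Encode for the terminal without ever raising UnicodeEncodeError.

    Characters the codec cannot represent become '?', which is the
    behaviour you want to *see* when testing under a C locale: garbage is
    visible, but the program keeps running.
    """
    return text.encode(encoding, errors="replace")


if __name__ == "__main__":
    # Try this once with LANG=C and once with a UTF-8 locale; inside an
    # old non-UTF-8 terminal the UTF-8 run shows how the glyphs degrade.
    enc = detect_output_encoding()
    for status, msg in (("ok", "config parsed"), ("fail", "socket bind")):
        sys.stdout.buffer.write(safe_encode(render_line(status, msg, enc) + "\n", enc))
    sys.stdout.buffer.flush()
```

Run it as `LANG=C python3 cli_output.py` and again under your UTF-8 locale; on Python 3.7 and later, note that the C locale may be coerced to UTF-8 (PEP 538/540), so compare what `detect_output_encoding()` reports with what the terminal itself can actually display.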