ntp contains the client and daemon implementations for the Network Time Protocol.
It has been reported that ntp incorrectly checks the return value of the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA 200902-02).
A remote attacker could exploit this vulnerability to spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information.
There is no known workaround at this time.
All ntp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p6"