glsa-check doesn't provide an up-to-date information for Funtoo. Funtoo also backports lots of security fixes for the forked packages, so the information that you get with --list affected could be inaccurate or wrong.
There is a open bug for glsa-check tool for funtoo
in BFO https://bugs.funtoo.org/browse/FL-3832?jql=text ~ "glsa"
so you can subscribe to the bug and get update once such a tool is ready for funtoo. Until then you will have to check gentoo's GLSA list and check the README.rst in the kit of the package for example here:
https://github.com/funtoo/core-kit/blob/1.0-prime/README.rst
Funtoo also tries to audit forked ebuilds every 30 days. You can see all stale packages on this webpage:
http://ports.funtoo.org/stale/
If you want to help and use any of the packages that are listed as "stale" you can check if they are affected by any know vulnerabilities and report those on https://bugs.funtoo.org where they will be squashed as fast as possible.
Thank you in advance.
