It seems we import GLSA directly from Gentoo without caring to modify the cases to reflect the state in Funtoo.

For example the glsa-check reports that you have a vulnerable version of bash installed when you have version 4.3_p48, when you look at FL-3539 it's already fixed in the version in question in Funtoo, while it was fixed in 4.3_p48-r1 in Gentoo.

This also raises concern about webkit-gtk, which according to glsa-check all versions in Funtoo are affected without the possibility to install a unaffected version which is available in Gentoo.

My suggestion to improvement is to either see to that data is accurate for Funtoo or remove GLSA completely from Funtoo as it's not reliable.