CVE-2012-3355 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3355): (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
=media-plugins/rhythmbox-3.0.1 is stable in-tree, so if possible =media-sound/rhythmbox-0.12.8-r1 should be removed as it is affected. The only issue is rhythmbox-equalizer depends on 0.12.8 specifically, so if 0.12.8-r1 is removed, rhythmbox-equalizer-0.1.ebuild should be updated to accept any version of rhythmbox.
vulnerable versions were dropped time ago
rhythmbox-3.0.1 fixes this, stabilized in bug #478252
vulnerable versions removed LONG ago as previous comment states. Please proceed with a GLSA or closure.