More info at $URL
CVE-2011-2907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2907): Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.
Upstream says that is fixed in 2.5.9
Related: Bug 390167
Added to existing GLSA Request
All vulnerable versions gone, GLSA issued?
This issue was resolved and addressed in GLSA 201412-47 at http://security.gentoo.org/glsa/glsa-201412-47.xml by GLSA coordinator Yury German (BlueKnight).