X.org X server 1.13.3 and earlier, when not run as root, allows local users
to cause a denial of service (crash) or possibly gain privileges via vectors
involving cached xkb files.
No package in tree is affected by this, the oldest xorg-server ebuild in tree where suid is optional is 1.13.4-r1. Older versions always run as root.
Added to existing GLSA draft
This issue was resolved and addressed in
GLSA 201405-07 at http://security.gentoo.org/glsa/glsa-201405-07.xml
by GLSA coordinator Mikle Kolyada (Zlogene).