CVE-2014-2886 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2886): GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
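The quoting flaw the CVE entry describes, as an added example that is not GKSu's code and not part of the original report: wrapping an untrusted filename in double quotes still lets a POSIX shell expand or split it, while proper quoting passes it as one literal word. The `printf %s` helper command and both filenames are constructed stand-ins (assumptions), not the real gksu-run-helper command line.

```python
import shlex
import subprocess

# Stand-in for the helper invocation (assumption, not gksu's real command line).
HELPER = "printf %s"


def wrap_naive(arg: str) -> str:
    """Wrap the argument in double quotes only, the pattern the CVE describes."""
    return f'{HELPER} "{arg}"'


def wrap_quoted(arg: str) -> str:
    """Quote the argument so a POSIX shell treats it as one literal word."""
    return f"{HELPER} {shlex.quote(arg)}"


def shell_sees(command: str) -> str:
    """Pass the command line through /bin/sh and return what the helper received."""
    done = subprocess.run(["/bin/sh", "-c", command],
                          capture_output=True, text=True, check=True)
    return done.stdout


# Constructed filenames with a harmless payload (echo) and an embedded quote.
SAMPLES = [
    "Pack_$(echo INJECTED).vbox-extpack",  # command substitution inside "..."
    'Pack" "two.vbox-extpack',             # closes the quote, adds a second word
]

if __name__ == "__main__":
    for name in SAMPLES:
        naive = shell_sees(wrap_naive(name))
        safe = shell_sees(wrap_quoted(name))
        print(f"filename      : {name!r}")
        print(f"  double quote: {naive!r}  intact={naive == name}")
        print(f"  shlex.quote : {safe!r}  intact={safe == name}")
```

Where the caller controls the process launch, passing the filename as its own argv element with no shell in between avoids the quoting problem entirely.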
@maintainers is this stable? Can we send to glsa?
Mike
Gentoo Security Padawan
Package is removed wrt #425156.
Removal GLSA opened.
This issue was resolved and addressed in GLSA 201812-10 at https://security.gentoo.org/glsa/201812-10 by GLSA coordinator Thomas Deutschmann (whissi).