CVEs inbound...
CVE-2016-5613 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5613): Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
CVE-2016-5611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5611): Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
CVE-2016-5610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5610): Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
CVE-2016-5608 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5608): Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
Vulnerable versions: <5.0.28 and <5.1.8
Current Versions stable = 5.0.32
Vulnerable versions in tree need cleanup before closing the bug.
GLSA Vote: No
Maintainer(s), please drop the vulnerable version(s).
Ping. No updates since 05/17.
Security Team Padawan
ChrisADR
Tree is clean:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05f59e1a2812c8993e88e0b517adcf59ba571286
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9db5469b1744497f69fc6532f25ba0c87c2dc8f1
The cleanup was reverted; however, it seems a p.mask was added instead, so I think that constitutes cleanup as well.