Gparted <=0.14.1 does not properly sanitize strings before passing them as parameters to an OS command. Those commands are executed using root privileges. Parameters that are being used for OS commands in GParted are normally determined by the user (e.g. disk labels, mount points). However, under certain circumstances, an attacker can use an external storage to inject command parameters. These circumstances are met if for example an automounter uses a file system label as part of the mount path.
Both Fedora and EPEL currently provide GParted >= 0.18.0 and are as such unaffected. External References: http://gparted.org/news.php?item=184