A buffer overflow has been found in Midnight Commander's virtual filesystem code. Specifically, a stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to execute arbitrary code during symlink conversion. Errata RHSA-2004:034 in progress
This is in ERRATA and can be closed as such.
Yeah, RHSA-2004:034 was released on the 21st: http://rhn.redhat.com/errata/RHSA-2004-034.html
And what about Fedora Core (bug #114540)? A test update was made available on the 19th, but no announcement was made on either the test list, the main list or the devel list. This update should be announced and moved to the main tree. While I am at it let me shamelessly plug the one line fix from bug #112644. Please get it in testing. I've been using it for over a month without any problem.