A buffer overflow has been found in Midnight Commander's virtual
filesystem code. Specifically, a stack-based buffer overflow in
vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to
execute arbitrary code during symlink conversion.
Also see bug #113849 and bug #113850
The patch was already included in 8.1, but at that time not announced
as a security update (actually not announced at all).
8.4 should be pushed to the main update tree ASAP as this is a serious
vulnerability and not every body runs or checks testing, so I assume
90% of people running Fedora are still vulnerable.