Created rest tracking bugs for this issue:

Affects: fedora-all [bug 1204682]

Vasyl: why is this a bug in Fedora?

The commit referenced landed upstream in September 2015, we're running 0.7.93 across all current Fedora releases (21 ->24) which was released with the fix in March 2015. It's also referenced in comment 2 [1] in the upstream bug that this was fixed upstream

[1] https://bugzilla.gnome.org/show_bug.cgi?id=742644#c2

(In reply to Peter Robinson from comment #3)
> Vasyl: why is this a bug in Fedora?
> 
> The commit referenced landed upstream in September 2015, we're running
> 0.7.93 across all current Fedora releases (21 ->24) which was released with
> the fix in March 2015. It's also referenced in comment 2 [1] in the upstream
> bug that this was fixed upstream
> 
> [1] https://bugzilla.gnome.org/show_bug.cgi?id=742644#c2

Peter, it was an issue for Fedora when this flaw bug was filed, see https://bugzilla.redhat.com/show_bug.cgi?id=1204682 (Fedora security tracker bug for this issue).
I.e. - Fedora was affected, the problem was resolved in BZ 1204682, no further actions required from Fedora side.
Hope this answers your question.

Not sure why I only just got alerts then, all of the emails dated a few days ago, didn't take note of the dates in the actual BZ bits above

(In reply to Peter Robinson from comment #5)
> Not sure why I only just got alerts then, all of the emails dated a few days
> ago, didn't take note of the dates in the actual BZ bits above

Hi Peter,

CVE/Flaw bugs are not supposed to be closed until all affected products are fixed. May be you wanted to close bug that was opened for Fedora.

> CVE/Flaw bugs are not supposed to be closed until all affected products are
> fixed. May be you wanted to close bug that was opened for Fedora.

Close what ever ones you want, it's not a problem in Fedora.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2237 https://rhn.redhat.com/errata/RHSA-2015-2237.html