A buffer overflow vulnerability in xdelta3 was reported, allowing arbitrary code execution from input files on some systems. Upstream patch: https://github.com/jmacd/xdelta/commit/969e65d3a5d70442f5bafd726bcef47a0b48edd8
Fedora 23, package xdelta, is not vulnerable because it currently has xdelta-3.0.9-1.fc23 in stable.
Created xdelta tracking bugs for this issue: Affects: fedora-22 [bug 1305464]
External references: (none)
Currently no plan to address this in Red Hat Enterprise Linux 7. xdelta is a leaf package, not required/used by other distribution components.