It is found that davfs2, a tool for connecting to WebDAV, might be using the system() insecurely. The issue is since mount_davfs2 is setuid, using the system() call could result in privilege escalation. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034
I'm building davfs-1.4.7-3.fc{18,19,20}, which includes the patch from upstream for this. Let me know if there's anything special I need to do here.
Created davfs2 tracking bugs for this issue: Affects: fedora-all [bug 1012340]
davfs2-1.4.7-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.