Foreman 1.8.4 has been released with a security fix and two bug fixes.
The security issue was:
CVE-2015-5233: reports show/destroy not restricted by host
authorization
Users with view_reports or destroy_reports permissions are able to
view or delete reports from any host, without their view_hosts
permission being taken into account.
Affects Foreman 1.5.0 and higher
More information available at Foreman :: Security.
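The class of flaw described above, shown as an added Ruby example that is not Foreman's code and is not part of the original announcement: a report permission checked alone, beside the same check scoped by host visibility. The User and Report structs, the viewable_hosts field, the function names and the sample data are all hypothetical and constructed for illustration.

```ruby
# Added illustration only: a toy permission model, not Foreman's code.
# User, Report, viewable_hosts and the functions below are hypothetical.
User   = Struct.new(:login, :permissions, :viewable_hosts)
Report = Struct.new(:id, :host)

# Flawed shape: only the report permission is consulted, so a holder of
# view_reports or destroy_reports reaches reports from every host.
def reports_unscoped(user, reports, permission)
  user.permissions.include?(permission) ? reports : []
end

# Corrected shape: the report permission is necessary but not sufficient;
# the report's host must also be visible under the user's view_hosts grant.
def reports_scoped(user, reports, permission)
  return [] unless user.permissions.include?(permission)
  return [] unless user.permissions.include?(:view_hosts)
  reports.select { |r| user.viewable_hosts.include?(r.host) }
end

# Audit helper: report ids a user reaches only because host scoping is missing.
def exposed_report_ids(user, reports, permission)
  (reports_unscoped(user, reports, permission) -
   reports_scoped(user, reports, permission)).map(&:id)
end

# Constructed sample data.
REPORTS = [
  Report.new(1, "web01.example.com"),
  Report.new(2, "db01.example.com"),
  Report.new(3, "web01.example.com")
].freeze

ALICE = User.new("alice", [:view_reports, :destroy_reports, :view_hosts],
                 ["web01.example.com"])
BOB   = User.new("bob", [:view_hosts], ["db01.example.com"])

if __FILE__ == $PROGRAM_NAME
  [ALICE, BOB].each do |u|
    [:view_reports, :destroy_reports].each do |perm|
      puts "#{u.login} #{perm}: exposed=#{exposed_report_ids(u, REPORTS, perm).inspect}"
    end
  end
end
```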
There was a second security issue filed (CVE-2015-5246) affecting Active
Directory logins after password changes, but this was later rejected.
Please see the security page linked above for more information, as AD
users should nevertheless be aware of this.
A bug fix allows deletion of duplicate network interfaces on hosts,
which should help people who have been affected by bugs on fact imports.
Please note that the Foreman 1.9 stable release has received, and will
continue to receive, further fixes in this area.
Full release notes for all of the changes are on the website here:
http://theforeman.org/manuals/1.8/index.html#Releasenotesfor1.8.4
http://projects.theforeman.org/rb/release/84
==== Upgrading ====
Fully supported with package upgrades from both 1.7 and 1.8. When
upgrading, follow these instructions:
http://theforeman.org/manuals/1.8/index.html#3.6Upgrade
If you're installing a new instance, follow the quickstart:
http://theforeman.org/manuals/1.8/index.html#2.Quickstart
If you also want to upgrade to Debian 8 (Jessie), ensure you upgrade
your current installation to 1.8 before attempting the dist-upgrade. See
http://projects.theforeman.org/projects/foreman/wiki/Debian_jessie_notes
for more info.
Packages may be found in the 1.8 directories on both deb.foreman.org and
yum.theforeman.org, and tarballs are on downloads.theforeman.org.
The GPG key used for RPMs and tarballs has the following fingerprint:
64E3 7B1F A6C0 2416 6B53 5495 28F5 A69D 225C 9B71
(Foreman :: Security)
==== Bug reporting ====
If you come across a bug, please file it and note the version of
Foreman that you're using in the report.
Foreman: Foreman
Proxy: Foreman
Installer: Foreman
--
Dominic Cleal
dominic@cleal.org