The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
https://www.drupal.org/SA-CORE-2015-002
http://www.securityfocus.com/bid/75286
http://www.debian.org/security/2015/dsa-3291
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html