We have just released 8.4.2 of the v8-stable branch.
This is primarily a re-release of 8.4.2 because the patch for the PRI vulnerability was incomplete. Special thanks to "mancha" for notifying us and helping to get it right.
For more info, please see: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
Packages are also already available in the package archives..
As always, feedback is appreciated.