#392 Don't split multiple-package update announcements across multiple mails
Closed: Fixed None Opened 16 years ago by lkundrak.

It is confusing currently. The updates should be announced by a single mail. More on this issue:

https://www.redhat.com/archives/fedora-security-list/2008-February/msg00004.html


Can you throw together a mockup of how you want them to look? I'd be happy to implement it.

{{{

Fedora Security and Bug fix Update Notification
}}}

Sometimes new releases contain both Enhancements and Bug fixes. Or security
fixes and other bug fixes. This is not particularly related to security updates
though.

{{{
Name: FEDORA-2008-1535
Time: 2008-02-13 04:18:18
Product: Fedora 8
}}}

Maybe these can be gotten rid of. The title could contain the update number,
and the sentence below can end with "...for Fedora 8". Mail header contains
date and time.

{{{

The following packages are now available:
}}}

Or {{{The following package is now available:}}}

{{{
openvrml-0.17.5-2.fc8
VRML/X3D runtime library

gnome-python2-extras-2.19.1-12.fc8
The sources for additional. PyGNOME Python extension modules.

devhelp-0.16.1-5.fc8
API document browser

yelp-2.20.0-7.fc8
A system documentation reader from the Gnome project

galeon-2.0.4-1.fc8.2
GNOME2 Web browser based on Mozilla

gnome-web-photo-0.3-8.fc8
HTML pages thumbnailer

epiphany-2.20.2-3.fc8
GNOME web browser based on the Mozilla rendering engine

ruby-gnome2-0.16.0-20.fc8
Ruby binding of libgnome/libgnomeui-2.x

epiphany-extensions-2.20.1-5.fc8
Extensions for Epiphany, the GNOME web browser

liferea-1.4.11-2.fc8
An RSS/RDF feed reader

kazehakase-0.5.2-1.fc8.2
Kazehakase browser

firefox-2.0.0.12-1.fc8
Mozilla Firefox Web browser.

Miro-1.1-3.fc8
Miro - Internet TV Player

gtkmozembedmm-1.4.2.cvs20060817-18.fc8
C++ wrapper for GtkMozembed

chmsee-1.0.0-1.28.fc8
A Gtk+2 CHM document viewer

blam-1.8.3-13.fc8
An RSS/RDF feed reader
}}}

Yep, this section looks ugly here. Mozilla ABI instability is ugly.

{{{

Update Information:

Several flaws were found in the way Firefox processed certain malformed web
content.

A webpage containing malicious content could cause Firefox to crash, or
potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412,
CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web content.
A webpage containing specially-crafted content could trick a user into
surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves login
information for a malicious website, it could be possible to corrupt the password
database, preventing the user from properly accessing saved password data.
(CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user has
certain extensions installed, it could allow a malicious website to steal sensitive
session data. Note: this flaw does not affect a default installation of Firefox.
(CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a website offer
a file of type "plain/text", rather than "text/plain", Firefox will not show future
"text/plain" content to the user in the browser, forcing them to save those
files locally to view the content. (CVE-2008-0592)

Users of firefox are advised to upgrade to these updated packages, which contain
updated packages to resolve these issues.
}}}

This is Red Hat styled advisory text and is perfectly ok for large updates of
popular updates like this. For simple ones, References with good bug names and
CVE names are considered to be good enough.

Either the bug submitter or Bodhi formatted that too badly. It should at the very
least obey line breaks (especially when they are doubled) and fold lines at
column 75. Bodhi should provide a preview of the update mail to the maintainer.

This is probably related to
https://fedorahosted.org/fedora-infrastructure/ticket/282

Also, the firefox update text was poor at explaining why packages other than
firefox are being updated. If this problem repeats in future, the Security Response Team
will fix the text prior to giving approval.

{{{

References:

[ 1 ] Bug #431732 - CVE-2008-0412 Mozilla layout engine crashes
https://bugzilla.redhat.com/show_bug.cgi?id=431732
[ 2 ] Bug #431733 - CVE-2008-0413 Mozilla javascript engine crashes
https://bugzilla.redhat.com/show_bug.cgi?id=431733
[ 3 ] Bug #432040 - CVE-2008-0414 mozilla: multiple file input focus stealing vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=432040
[ 4 ] Bug #431739 - CVE-2008-0415 Mozilla arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=431739
[ 5 ] Bug #431742 - CVE-2008-0417 Mozilla arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=431742
[ 6 ] Bug #431748 - CVE-2008-0418 Mozilla chrome: directory traversal
https://bugzilla.redhat.com/show_bug.cgi?id=431748
[ 7 ] Bug #431749 - CVE-2008-0419 Mozilla arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=431749
[ 8 ] Bug #431751 - CVE-2008-0591 Mozilla information disclosure flaw
https://bugzilla.redhat.com/show_bug.cgi?id=431751
[ 9 ] Bug #431752 - CVE-2008-0592 Mozilla text file mishandling
https://bugzilla.redhat.com/show_bug.cgi?id=431752
[ 10 ] Bug #431756 - CVE-2008-0593 Mozilla URL token stealing flaw
https://bugzilla.redhat.com/show_bug.cgi?id=431756
[ 11 ] Bug #432036 - CVE-2008-0594 mozilla: web forgery warning may not be displayed
https://bugzilla.redhat.com/show_bug.cgi?id=432036
}}}

This is done perfectly, and if anyone's uncomfortable with opening bugzilla
links, he has CVE names and a more-or-less sufficient explanation of the bug.
If that's not enough, something would be wrong with him.

{{{

This update can be installed with the "yum" update program.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
}}}

I removed the "{{{Use su -c 'yum update gnome-web-photo' at the command line.}}}"

{{{

}}}

I skipped changelogs. They can not be easily incorporated here.
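
The layout proposed in the mockup above, as an added Python sketch (not Bodhi's code and not written by anyone on this ticket): one mail body per update regardless of package count, paragraph breaks preserved, and text folded at column 75. The names `fold`, `render_announcement` and `demo`, and the subject layout, are assumptions made for illustration.

```python
import re
import textwrap

WIDTH = 75  # fold column asked for in the comment above

def fold(text, width=WIDTH, indent=""):
    """Re-wrap each paragraph to `width`; blank lines stay paragraph breaks."""
    paragraphs = [p for p in re.split(r"\n\s*\n", text.strip()) if p.strip()]
    return "\n\n".join(
        textwrap.fill(" ".join(p.split()), width=width, initial_indent=indent,
                      subsequent_indent=indent, break_long_words=False,
                      break_on_hyphens=False)
        for p in paragraphs)

def render_announcement(update_id, release, packages, notes, references):
    """Return (subject, body) of ONE mail covering every package in the update.

    packages: [(nvr, summary)], references: [(title, url)]. Layout is assumed.
    """
    noun = "package is" if len(packages) == 1 else "packages are"
    out = [f"The following {noun} now available for {release}:", ""]
    for nvr, summary in packages:
        out += [nvr, fold(summary, indent="    "), ""]
    out += ["Update Information:", "", fold(notes), "", "References:", ""]
    for n, (title, url) in enumerate(references, 1):
        out.append(fold(f"[ {n} ] {title}", indent="  "))
        out.append("        " + url)  # URLs are never folded
    return f"{release} Update Notification {update_id}", "\n".join(out) + "\n"

def demo():
    """Constructed sample reusing names from the mockup in this ticket."""
    notes = ("Several flaws were found in the way Firefox processed certain "
             "malformed web content.\n\nUsers of firefox are advised to "
             "upgrade to these updated packages, which contain updated "
             "packages to resolve these issues.")
    return render_announcement(
        "FEDORA-2008-1535", "Fedora 8",
        [("firefox-2.0.0.12-1.fc8", "Mozilla Firefox Web browser."),
         ("epiphany-2.20.2-3.fc8",
          "GNOME web browser based on the Mozilla rendering engine")],
        notes,
        [("Bug #431732 - CVE-2008-0412 Mozilla layout engine crashes",
          "https://bugzilla.redhat.com/show_bug.cgi?id=431732")])

if __name__ == "__main__":
    subject, body = demo()
    print("Subject:", subject, "\n")
    print(body)
```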

Has there been any work on this ticket recently?
