Thanks Anit, but it seems even that page doesn't have information on what Update 9 fixes. It has a link in the middle of the page that takes me to another page (http://www.adobe.com/support/security/bulletins/apsb13-10.html) where I saw:
This hotfix resolves a vulnerability that could be exploited to impersonate an authenticated user (CVE-2013-1387).
This hotfix resolves a vulnerability that could be exploited by an unauthorized user to gain access to the ColdFusion administrator console (CVE-2013-1388).
I can only assume that these are the 2 issues addressed in the Update. I had to check the NVD to get info on these. I wonder why Adobe chose to change the format of it's Update pages. And why I couldn't just goto the ColdFusion page, choose "Updates" and see a list of Updates as well as what they each fixed.
"Simplicity is the Ultimate Sophistication" — Leonardo da Vinci