I think I can grab Red Hat's fix to this from here. I will try to do this as soon as possible.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0900 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
