Hi Please let in rpm-4.9.1.3. It's a pure security fixes release. It passes rpm, perl-URPM & urpmi test suites (same % of success for urpmi).
See http://rpm.org/wiki/Releases/4.9.1.3: "Summary of changes from RPM 4.9.1.2 This is a security-only update for CVE:2012-0060, CVE:2012-0061 and CVE:2012-0815. Security Properly sanity check region tags on header/package read (CVE:2012-0060) Sanity check header regions fit within the header (CVE:2012-0061) Sanity check negated region offsets too in headerVerifyInfo() (CVE:2012-0815)"