It was reported that the iodbctest and iodbctestw tools provided by the libiodbc package had an insecure RPATH (/tmp/) entry:
This could lead to arbitrary code execution with the privileges of the user running the affected tools.
This issue did not affect the libiodbc packages in Fedora or EPEL, as the packages are built in /buildir/ and not /tmp/.
CVE request: http://seclists.org/oss-sec/2013/q4/525
CVE-2013-7172 was assigned to this issue: http://seclists.org/oss-sec/2013/q4/527
As an addendum to comment #1 about fedora/epel packages not being vulnerable, we explicitly delete the rpaths from the binaries in question as part of the build process (using chrpath --delete)