Multiple vulnerabilities were found in pax-utils and fixed in latest release.
Fedora has pax-utils-1.2.2 in updates-testing already...
Created pax-utils tracking bugs for this issue:
Affects: epel-5 [bug 1420308]
Affects: epel-6 [bug 1420309]
Another bunch of issues were reported to the oss-security.