Dunno if this is present in the cfengine package currently in extras, but probably worth checking out: http://www.securityfocus.com/archive/1/390947/2005-02-18/2005-02-24/1 (I'm not a cfengine user, just happened to notice this message on Bugtraq.)
At least the code in given URL would seem to indicate that its targeted against 2.1.7p1 and FC3 extras has 2.1.9p2. Also here is what Mark Burgess (author of cfengine) has written in their mailing list (http://lists.gnu.org/archive/html/help-cfengine/2005-02/msg00115.html) [begin quote] This is not enough information to go on. Where does this come from and when did it appear? It appears to be old. (2.1.7). In that case it refers to a bug that was patched in 2.1.8. More information please. [end quote]
So are you still maintaining cfengine?
I am not currently using cfengine anywhere in real life and don't seem to have lot of freetime, so if someone has interest to take it as his/her responsible, I don't have any objections against it. Reason, why I checked this case was mostly for professional curiosity and I know couple people, who are using cfengine on their environments.
Fixed in 2.1.8. Currently extras is providing 2.1.13, so this shouldn't be an issue.