Currently, RH is building procmail 3.14 (even in the latest Rawhide). This really needs to be updated to procmail 3.15.1. 3.15.1 fixes a bug I'm seeing where messages occasionally get bounced due to a race condition. In addition, the changelogs claim that 3.15.0 fixes attempts to exploit a Linux kernel bug (I don't know the details of that, or if it's a problem, or what).
That's not a problem, as the kernel has been fixed a long time ago. I don't want to upgrade at this late stage. I'll upgrade later.
Like I said, I'm not so much concerned with the alleged security problem. I am, however, actually seeing the race-and-bounce fixed by 3.15.1. I've already had to upgrade two 7.0 boxes to 3.15.1 because of that and if you ship 7.1 with a known buggy procmail I'm going to have to do the same for all the 7.1 boxes I install.
There are _no_ open bugs against it. And if we put in a new version, it wouldn't get that much testing - the chances of shipping something buggy would be higher. So I have a pretty high threshold of convincing right now... (and I and most others here use this every day without problems).