From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
RHSA-2003-089-11 fixed bugs in glibc as related to Bugzilla bug #81901 dealing
with moderately long lines in /etc/group.  Because the main rpm binary is
statically linked to glibc, it still is vulnerable to the issues that the glibc
update addresses.  Specifically, if the install of an RPM package forces the
group on a file to be a group that has a long line in /etc/group, it fails the
lookup of the group name and sets it to 'root'.

Version-Release number of selected component (if applicable):
rpm-4.1-1.06

How reproducible:
Always

Steps to Reproduce:
1.  Create a group in /etc/group that has enough members to make the line go
over 670 characters.  (In my example, I call it 'longgrp')

2.  Create an RPM .SPEC file that sets the group of a file to be in the long group:
%attr(0444 username longgrp) /usr/local/bin/testme

3.  Build the rpm package and install it. 
    

Actual Results:  rpm complains about group 'longgrp' not being found and sets
the group to 'root'.

Expected Results:  rpm should set the group to 'longgrp'

Additional info:

The glibc fix for this specific condition is noted in bugzilla bug #81901 and in
the glibc errata for RHSA-2003-089-11