It was reported [1] that DPM (Disk Pool Manager) suffered from multiple SQL injection vulnerabilities. Versions up to and including 1.8.5 are affected; 1.8.6 contains a fix. [1] https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683
Created lcgdm tracking bugs for this issue Affects: fedora-all [bug 920862] Affects: epel-all [bug 920863]
Fedora 17 already contains 1.8.6, as does EPEL5 and 6.
And Fedora 18 currently has 1.8.7, so this is resolved across the board.