Comment added to BZ as well...
On Fri, 21 Nov 2008 22:51:32 +0100 Till Maas <opensource(a)till.name> wrote:
> The question is now, whether I should update the package without the
> affected script to make everyone aware of this or just keep it as is.
This has a very low impact due to the reasons you have explained. For
Red Hat Enterprise Linux we tend to postpone fixing low impact issues,
it should be fine to deal with this once there's a better reason to do
Tomas Hoger / Red Hat Security Response Team