Just to point out that EL5 does not get this patch:

https://rhn.redhat.com/errata/RHSA-2015-0165.html

"A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)"

https://bugzilla.redhat.com/show_bug.cgi?id=1174054#c17

-- LF