Just to point out that EL5 does not get this patch: https://rhn.redhat.com/errata/RHSA-2015-0165.html "A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)" https://bugzilla.redhat.com/show_bug.cgi?id=1174054#c17 -- LF