A flaw was recently reported for apache-/jakarta-commons-daemon jsvc:
It only affected Linux builds that were compiled with libcap support. While investigating which EWS versions are affected, it was determined that we have libcap support in RHEL-4 version, but not in RHEL-5 and RHEL-6. It should be determined whether jsvc should be compiled with libcap support or not, and be consistent across RHEL versions (i.e. explicitly disable in .spec file, or add proper BuildRequires to have libcap-devel in RHEL-5 and RHEL-6 buildroots too).
As part of response to CVE-2011-2729, we're disabling libcap support in 1.0.2 RHEL-4 builds, for consistency with RHEL-5/6.