There is no difference in the rpm here for 9.1 as we used originally last year. http://yum.postgresql.org/repopackages.php
This makes me think the vulnerability didn't exist with the RPM version of 9.1. Otherwise, postres wouldn't have the same exact rpm still available for download. It uses 9.1-4 just like I downloaded July 31 2012 with the same exact byte count.
