CVE-2013-4566 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4566): mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. Patch available at http://pkgs.fedoraproject.org/cgit/mod_nss.git/tree/mod_nss-nssverifyclient.patch?id=63709b8. As with the other mod_nss CVE, probably just should revbump, upstream's been inactive quite a while.
Fixed in 1.0.9 upstream , already out of tree closing noglsa