CVE Request -- yum: Not removing bad metadata and using it in next run

[Jan Lieskovsky <jlieskov () redhat com>]

Hello Kurt, Steve, vendors,

  A security flaw was found in the way Yum package manager
performed management of repository metadata in certain
circumstances (bad metadata were not removed properly
and re-used in subsequent run). An attacker could inject
a specially-crafted Trojan horse file in the metadata of
a remote repository, possibly leading to their ability
to confuse Yum package manager to accept invalid untrusted
metadata as valid by mistake.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=910446
[2] http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099496.html
[3] http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100299.html
[4] https://lwn.net/Articles/540426/ 
    (and search for 'yum: denial of service' here)

Relevant upstream patch:
[5] http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0

This issue was found by James Antill of Red Hat.

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: For those possibly wondering why [2] and [3]
      are public already - it's true this has been fixed
      some time ago already (but I wasn't around at that time)
      and better to request later, than never.

      Thank you for your understanding, Jan.