There is no difference in the rpm here for 9.1 as we used originally last year.
http://yum.postgresql.org/repopackages.php
This
makes me think the vulnerability didn't exist with the RPM version of
9.1. Otherwise, postres wouldn't have the same exact rpm still available
for download. It uses 9.1-4 just like I downloaded July 31 2012 with the same exact byte count.