While ago, I pushed a mod_security security update (one line patch for CVE-2013-5705) without testing it thoroughly on EL5, which turns out to be broken(httpd does not start) [1].
I usually test all packages before pushing updates, but at that time I didn't have access to my build box (which has all my test VMs)
If you're going to update mod_security on EL5 box, you should get the one from epel5-testing:
https://admin.fedoraproject.org/updates/mod_security-2.6.8-6.el5
Sorry for any inconvenience caused.