Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.
{ "availability": "No subscription required", "binaries": [ { "cvs": "2:1.12.13+real-12ubuntu0.1", "cvs-dbgsym": "2:1.12.13+real-12ubuntu0.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "cvs": "2:1.12.13+real-15ubuntu0.1", "cvs-dbgsym": "2:1.12.13+real-15ubuntu0.1" } ] }