==========================================================Ubuntu Security Notice USN-117-1 May 04, 2005
cvs vulnerability CAN-2005-0753
A security issue affects the following Ubuntu releases:
The problem can be corrected by upgrading the affected package to
version 1:1.12.9-1ubuntu0.1 (for Ubuntu 4.10), or 1:1.12.9-9ubuntu0.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Alen Zukich discovered a buffer overflow in the processing of version
and author information in the CVS client. By tricking an user to
connect to a malicious CVS server, an attacker could exploit this to
execute arbitrary code with the privileges of the connecting user.