Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2:1.12.13+real-12ubuntu0.1", "binary_name": "cvs" }, { "binary_version": "2:1.12.13+real-12ubuntu0.1", "binary_name": "cvs-dbgsym" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2:1.12.13+real-15ubuntu0.1", "binary_name": "cvs" }, { "binary_version": "2:1.12.13+real-15ubuntu0.1", "binary_name": "cvs-dbgsym" } ] }