These are all security issues fixed in the cvs-1.12.13-1.14 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "cvs": "1.12.13-1.14", "cvs-doc": "1.12.13-1.14" } ] }