Gentoo Linux Security Advisory 201701-44 - A heap-based buffer overflow in CVS might allow remote attackers to execute arbitrary code. Versions less than 1.12.12-r11 are affected.
71c9c3e5dca8cfd1d4536c96814d73f9b18d733595f8c2d555c62d5e873f9a56
Mandriva Linux Security Advisory 2012-044 - A vulnerability has been found and corrected in cvs. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. The updated packages have been patched to correct this issue.
891ba05686fa17391e069c49ba48e6a0ad5b0eba8fc97db8070e0ddf441eeff7
Ubuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.
456195625d6524c03923a1457d002d80445f9f034e991f9bbf3bbe3eb73ae6a5
Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.
286bd54779b5c16c26d69ad0f13809a6a3ffda1eb265fbfeaf74bff12f263554
Debian Linux Security Advisory 2407-1 - It was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client.
1489ddea367ba0fd14946999e8941cbabe33fe51ca09e8d921dea8e46f7770df