Debian Linux Security Advisory 2407-1 - It was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client.
1489ddea367ba0fd14946999e8941cbabe33fe51ca09e8d921dea8e46f7770df