Ubuntu Security Notice 3399-1 - Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.
e23e4f58ae7a4fb2abde5c65507b1ea997de4d014bc53813f98e38b53a87c713