Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects. The current version contains a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as. Anonymous read-only access is sufficient to exploit this problem. For the stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-8.1. For the old stable distribution (potato) this problem has been fixed in version 1.10.7-9.2. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your cvs package immediately.
Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects. The current version contains a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as. Anonymous read-only access is sufficient to exploit this problem.
For the stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-8.1.
For the old stable distribution (potato) this problem has been fixed in version 1.10.7-9.2.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your cvs package immediately.
MD5 checksums of the listed files are available in the original advisory.