VYPR

rpm package

opensuse/cvs&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/cvs&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2017-12836HigAug 24, 2017
    affected < 1.12.13-1.14fixed 1.12.13-1.14

    CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."

  • CVE-2012-0804May 29, 2012
    affected < 1.12.12-183.10fixed 1.12.12-183.10

    Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.