Ubuntu Security Notice USN-3399-1
https://packetstormsecurity.com/files/143872/USN-3399-1.txt
https://packetstormsecurity.com/files/143872/USN-3399-1.txthttps://packetstormsecurity.com/files/143872/Ubuntu-Security-Notice-USN-3399-1.htmlTue, 22 Aug 2017 05:28:09 GMTUbuntu Security Notice 3399-1 - Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.