Rollie Hawk writes "Concurrent Versions System (CVS) software is often one of the first places to obtain security updates and bug fixes for open source projects. In an ironic twist of fate, it was recently that software itself found in need of fixing.
As of April 18, CVS released updates of its stable and feature releases to patch a potentially nasty security holereported by Gentoo developers. Though no exploit has been reported yet, a buffer overflow vulnerability existed in the server executable. Nearly a year ago, a similar vulnerability resulted in servers being compromised before a patch was made available."