I'm marking this as invalid. The announcement refers to CVE-2012-0804. That advisory says "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12".
There is no function proxy_connect() in cvs-1.11.23. The Debian entry indicates several changes to the base system (a 10K patch) and RedHat indicates several changes to the base system:
https://bugzilla.redhat.com/show_bug.cgi?id=784141
Note that at http://ftp.gnu.org/non-gnu/cvs/source the most recent versions are:
We use the stable version. The vulnerability is in the patches made by others after the stable release.