CVE-2004-0180
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
Date published : 2004-04-16
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch