filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.Referenceshttp://www.securityfocus.com/bid/10878http://www.kb.cert.org/vuls/id/770816http://www.osvdb.org/8373http://www.cvstrac.org/cvstrac/chngview?cn=316https://exchange.xforce.ibmcloud.com/vulnerabilities/16929http://www.cvstrac.org/cvstrac/tktview?tn=339http://marc.info/?l=bugtraq&m=109173359428253&w=2http://secunia.com/advisories/12090/
