FYI: I have updated the FC1 cvs rpm to 1.11.9, rediffing all applicable patches and making it tolerate --excludedocs installs. The updated SRPM can be found at http://cachalot.mine.nu/1/SRPMS.fdr/cvs-1.11.9-0.fdr.2.src.rpm
cvs 1.11.10, a security update, is out. Upgraded package available: http://cachalot.mine.nu/1/SRPMS.fdr/cvs-1.11.10-0.fdr.1.src.rpm Please consider applying this to FC1 and possibly earlier RH versions. I believe my package could be used as-is except for changing the 0.fdr.X Release tag to 1.
looks like this one: http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88 is also an issue.
Update to 1.11.11: http://cachalot.mine.nu/1/SRPMS.fdr/cvs-1.11.11-0.fdr.1.src.rpm
Well, I see there is an update in core/development so I'm pulling my package. I find the complete lack of comments in this issue somewhat disturbing though. An issue with security severity has sat in Bugzilla for a month now, no comments. In the future, could you please comment on Bugzilla entries like this in order to make it easier for people to avoid unnecessary work?
redhat released an update for RH9, but not for FC1. as such, it's not clear to me why this ticket is closed.