iDEFENSE has discovered an information disclosure issue with the cvs 'history' command. More information here: http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities&flashstatus=true This issue should also affect RHEL2.1
https://ccvs.cvshome.org/source/browse/ccvs/src/history.c?r1=1.73&r2=1.74 This issue was actually fixed by the Krahmer/Esser backported patches included in our last security update on June9th. Therefore Red Hat Enterprise Linux is not vulnerable to this issue.