iDEFENSE has discovered an information disclosure issue with the cvs 'history' command. More information here: http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities&flashstatus=true RHEL is being handled by bug 130038
On closer inspection, this issue does not affect fedora core. Closing bug.