Debian Security Advisory - The versions of cvsweb distributed in Debian GNU/Linux 2.1, are vulnerable to a remote shell exploit. An attacker with write access to the cvs repository can execute arbitrary code on the server, as the www-data user.
bde093ff911197907af689c349320d1215735f41782f40c7e69166fcde98e03c