CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060
https://exchange.xforce.ibmcloud.com/vulnerabilities/15891
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
http://www.debian.org/security/2004/dsa-486