This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the quot;-dquot; option could lead to argument injection