The remote host is missing an update to cvs announced via advisory DSA 233-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20233-1

Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects. The current version contais a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as. Anonymous read-only access is sufficient to exploit this problem. For the stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-8.1. For the old stable distribution (potato) this problem has been fixed in version 1.10.7-9.2. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your cvs package immediately.