Summary
The remote host is missing an update to viewcvs announced via advisory DSA 605-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20605-1
Insight
Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive, the hide_cvsroot and forbidden settings were not fully honoured.
When upgrading the package for woody, please make a copy of your /etc/viewcvs/viewcvs.conf file if you have manually edited this file.
Upon upgrade, the debconf mechanism may alter it in such a way that viewcvs no longer understands it.
For the stable distribution (woody) these problems have been fixed in version 0.9.2-4woody1.
For the unstable distribution (sid) these problems have been fixed in version 0.9.2+cvs.1.0.dev.2004.07.28-1.2.
We recommend that you upgrade your viewcvs package.
Severity
Classification
CVE: CVE-2004-0915
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N