Summary
The remote host is missing an update as announced
via advisory SSA:2003-345-01.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-345-01
Insight
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory deals with the use of CVS as a server.
A security problem which could allow an attacker to create directories and possibly files outside of the CVS repository has been fixed with the release of cvs-1.11.10. Any sites running a CVS server should upgrade to the new CVS package.