Synopsis :

The remote Debian host is missing a security-related update.

Description :

Derek Robert Price discovered a potential buffer overflow
vulnerability in the CVS server, based on a malformed Entry, which
serves the popular Concurrent Versions System.

See also :

http://www.debian.org/security/2004/dsa-517

Solution :

Upgrade the cvs package.

For the stable distribution (woody) this problem has been fixed in
version 1.11.1p1debian-9woody6.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true