The remote Debian host is missing a security-related update.
Alexander Cherepanov discovered that bsdcpio, an implementation of the'cpio' program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.
Upgrade the libarchive packages. For the stable distribution (wheezy), this problem has been fixed in version 3.0.4-3+wheezy1. For the upcoming stable distribution (jessie), this problem has been fixed in version 3.1.2-11.