The remote host is missing an update to unzip announced via advisory DSA 344-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20344-1

A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ('../') by placing certain invalid characters between the two '.' characters. For the stable distribution (woody) this problem has been fixed in version 5.50-1woody1. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you update your unzip package.