The remote host is missing an update to typo3-src announced via advisory DSA 1439-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201439-1

Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users. For the stable distribution (etch), this problem has been fixed in version typo3-src 4.0.2+debian-4. The old stable distribution (sarge) doesn't contain typo3-src. For the unstable distribution (sid) and for the testing distribution (lenny), this problem has been fixed in version 4.1.5-1. We recommend that you upgrade your typo3-src packages.