The remote host is missing an update to python-django announced via advisory DSA 1640-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201640-1

Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. The is possible regardless of the Django plugin to prevent cross site request forgery being enabled. The Common Vulnerabilities and Exposures project identifies this issue as CVE-2008-3909. In this update the affected feature is disabled this is in accordance with upstream's preferred solution for this situation. This update takes the opportunity to also include a relatively minor denial of service attack in the internationalisaton framework, known as CVE-2007-5712. For the stable distribution (etch), these problems have been fixed in version 0.95.1-1etch2. For the unstable distribution (sid), these problems have been fixed in version 1.0-1. We recommend that you upgrade your python-django package.