The remote host is missing an update to rsync announced via advisory DSA 1545-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201545-1

Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution. For the stable distribution (etch), this problem has been fixed in version 2.6.9-2etch2. For the unstable distribution (sid), this problem has been fixed in version 3.0.2-1. We recommend that you upgrade your rsync package.