The remote host is missing an update to courier-authlib announced via advisory DSA 1688-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201688-1

Two SQL injection vulnerabilities have beein found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667). For the stable distribution (etch), these problems have been fixed in version 0.58-4+etch2. For the testing distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 0.61.0-1+lenny1. We recommend that you upgrade your courier-authlib packages.