The remote host is missing an update to squirrelmail announced via advisory DSA 191-2.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20191-2

The security update for Squirrelmail (DSA 191-1) unfortunately introduced a bug in the options page. This problem is fixed in version 1.2.6-1.2 the current stable distribution (woody). The unstable distribution (sid) and the old stable distribution (potato) were not affected by this. For completeness please find below the original security advisory: Several cross site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities: 1. CVE-2002-1131: User input is not always sanitized so execution of arbitrary code on a client computer is possible. This can happen after following a malicious URL or by viewing a malicious addressbook entry. 2. CVE-2002-1132: Another problem could make it possible for an attacker to gain sensitive information under some conditions. When a malformed argument is appended to a link, an error page will be generated which contains the absolute pathname of the script. However, this information is available through the Contents file of the distribution anyway.