The remote host is missing an update to mahara announced via advisory DSA 2206-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202206-1

Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system: CVE-2011-0439 A security review commissioned by a Mahara user discovered that Mahara processes unsanitized input which can lead to cross-site scripting (XSS). CVE-2011-0440 Mahara Developers discovered that Mahara doesn't check the session key under certain circumstances which can be exploited as cross-site request forgery (CSRF) and can lead to the deletion of blogs. For the old stable distribution (lenny) these problems have been fixed in version 1.0.4-4+lenny8. For the stable distribution (squeeze) these problems have been fixed in version 1.2.6-2+squeeze1. For the unstable distribution (sid) these problems have been fixed in version 1.2.7. We recommend that you upgrade your mahara package.