The remote host is missing an update to movabletype-opensource announced via advisory DSA 2263-2.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202263-2

Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package. The original advisory text follows. It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances. For the oldstable distribution (lenny), these problems have been fixed in version 4.2.3-1+lenny3. For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2. For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 4.3.6.1+dfsg-1. We recommend that you upgrade your movabletype-opensource packages.