The remote Debian host is missing a security-related update.
Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn't affect the oldstable distribution (jessie). - CVE-2018-1000007 Craig de Stigter discovered that authentication data might be leaked to third parties when following HTTP redirects.
Upgrade the curl packages. For the oldstable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u9. For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u4.