The remote Debian host is missing a security-related update.
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
Upgrade the perl packages. For the oldstable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u11. For the stable distribution (stretch), this problem has been fixed in version 5.24.1-3+deb9u4.