The remote Debian host is missing a security-related update.
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages. - CVE-2015-0241: Out of boundaries read/write The function to_char() might read/write past the end of a buffer. This might crash the server when a formatting template is processed. - CVE-2015-0243: Buffer overruns in contrib/pgcrypto The pgcrypto module is vulnerable to stack buffer overrun that might crash the server. - CVE-2015-0244: SQL command injection Emil Lenngren reported that an attacker can inject SQL commands when the synchronization between client and server is lost.
Upgrade the postgresql-9.1 packages. For the stable distribution (wheezy), these problems have been fixed in version 9.1.15-0+deb7u1. For the upcoming stable distribution (jessie), these problems have been fixed in version 9.1.14-0+deb8u1.