The remote Debian host is missing a security-related update.
Multiple vulnerabilities were discovered in the interpreter for the Ruby language : - CVE-2014-4975 The encodes() function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution. - CVE-2014-8080, CVE-2014-8090 The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).
Upgrade the ruby1.9.1 packages. For the stable distribution (wheezy), these problems have been fixed in version 184.108.40.206-8.1+deb7u3. For the upcoming stable distribution (jessie), these problems have been fixed in version 2.1.5-1 of the ruby2.1 source package.