What does mean marker in [ ] at packages.debian.org

The [security] is used to indicate that a security update is available for the package to solve a security issue.

To apply the security update the security repository should be enabled on your sources.list.

deb http://security.debian.org/debian-security stretch/updates main

If you are using a non-free software you should add:

deb http://security.debian.org/debian-security stretch/updates main contrib non-free

But...?

Q: How is security handled for contrib and non-free?

A: The short answer is: it's not. Contrib and non-free aren't official parts of the Debian Distribution and are not released, and thus not supported by the security team. Some non-free packages are distributed without source or without a license allowing the distribution of modified versions. In those cases no security fixes can be made at all. If it is possible to fix the problem, and the package maintainer or someone else provides correct updated packages, then the security team will generally process them and release an advisory.

Next step run:

# apt update && apt upgrade

To upgrade your package including the security update.

The unattended-upgrades is useful to automatically apply the security updates.

Debian wiki:

The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically.

e,g:

apt-cache policy libvpx4
libvpx4:
  Installé : 1.6.1-3
  Candidat : 1.6.1-3+deb9u1
 Table de version :
     1.6.1-3+deb9u1 500
        500 http://security.debian.org stretch/updates/main amd64 Packages
 *** 1.6.1-3 500
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status

The current libvpx4 installed version is 1.6.1-3 is a vulnerable package CVE-2017-13194 (installed from the main repo) should be upgraded (high Urgency) to the libvpx_1.6.1-3+deb9u1 version, this update is available from the security repository.

Package: libvpx-dev (1.6.1-3+deb9u1) [security]