Followup-For: Bug #985220 Hi,
CVE-2020-13936 is fixed in stretch-security but not buster, making upgrades difficult since stetch-security has a newer version than buster. Please upload the fix to buster, too. velocity | 1.7-4 | jessie | source, all velocity | 1.7-5 | stretch | source, all velocity | 1.7-5 | buster | source, all velocity | 1.7-5+deb9u1 | stretch-security | source, all velocity | 1.7-6 | bullseye | source, all velocity | 1.7-6 | sid | source, all Andreas __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.