Package: mojarra Version: 2.0.3-3 Severity: critical Tags: security Please remove mojarra source package from Debian as it has been unmaintained and contains several unfixed security vulnerabilities with no replies from maintainer.
https://packages.debian.org/source/sid/mojarra http://packages.qa.debian.org/m/mojarra.html https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=mojarra CVE-2012-2672: https://bugs.debian.org/677194 Jun 2012 CVE-2013-5855: https://bugs.debian.org/740586 Mar 2014 Moritz commented to this in private email: """ Unmaintained packages should be removed, but spring build-depends on one of the libs from mojarra: jmm@pisco:~$ build-rdeps libjsf-api-java Reverse Build-depends in main: ------------------------------ libspring-java So it needs to be checked whether that can be dropped from Spring. """ If maintainer shows some activity I could help to get these issues fixed. --- Henri Salo
Description: Digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.