Package: mojarra
Version: 2.0.3-3
Severity: critical
Tags: security

Please remove mojarra source package from Debian as it has been unmaintained and
contains several unfixed security vulnerabilities with no replies from

CVE-2012-2672: Jun 2012
CVE-2013-5855: Mar 2014

Moritz commented to this in private email:

Unmaintained packages should be removed, but spring build-depends on
one of the libs from mojarra:

jmm@pisco:~$ build-rdeps libjsf-api-java
Reverse Build-depends in main:


So it needs to be checked whether that can be dropped from Spring.

If maintainer shows some activity I could help to get these issues fixed.

Henri Salo

Attachment: signature.asc
Description: Digital signature

This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to