This XSS issue was resolved/released in 0.9.10-jenkins-29 so the package in Debian already contains the fix for this security issue.
Apologies - I should have detailed this in the changelog entry. Cheers James -- James Page Ubuntu Core Developer __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.