Control: tags -1 wontfix Control: severity -1 important The Debian version is too old to contain this CVE. https://github.com/advisories/GHSA-pfh2-hfmq-phg5 has "Affected versions: >= 2.2.0, < 2.9.0"
So this should not be RC for now. When the package is updated to another version make sure that the fix is included. __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
