Package: libcommons-compress-java
Version: 1.2-1
Severity: grave
Tags: security
Please see https://commons.apache.org/compress/security.html
Fixed in 1.4.1. This doesn't warrant a DSA, but you could fix
it through a point update for Squeeze 6.0.6.
Cheers,
Moritz