Package: libstruts1.2-java Version: 1.2.9-8 Severity: grave Tags: security Dear Maintainer, In https://security-tracker.debian.org/tracker/CVE-2014-0094 : >Notes >- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16) But CVE-2014-0094 is known to affect Struts 1.x. Regards, Nobuhiro