Bug#762690: libhibernate-validator-java: affected by CVE-2014-3558

[Moritz Muehlenhoff]

severity 762690 important
thx

On Sun, Nov 02, 2014 at 11:38:30PM +0100, Emmanuel Bourg wrote:
> libhibernate-validator-java is only used as a build dependency of
> libhibernate3-java. No package depends on it at runtime, so the risk of
> being affected by this vulnerability is rather low, if not zero.

I'm downgrading the severity to normal. No need to treat it as a RC
security bug.

Cheers,
        Moritz