Neither security team (doesn't support non-free) nor package maintainer are fixing security bugs. grave security-risk exists since 22.10.2007 fixed by upstream since 22.10.2007 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462622 for details