...
It's "expected" (for some value of expected), the pre-1.1 engine does not deal
well with -1 pins; in contrast to the 1.1 and newer engine used in testing,
unstable, experimental.
The reason here is that in the pre-1.1 engine, a package can have exactly one
pin. This pin must match the candidate version for it to be useful. As a work
around, you can probably pin the other versions above 1000.
In 1.1 and newer, packages have no pins. Instead, versions have pins. So, in your
case, you'd get:
xscreensaver:
Installed: (none)
Candidate: 5.30-1+deb8u1
Version table:
5.30-1+deb8u2 -1
500 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages
5.30-1+deb8u1 500
500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
500 http://security.debian.org/ jessie/updates/main amd64 Packages
That said, it's ridiculous to blacklist the fixed xscreensaver version.