Bug#921772: CVE-2018-1000652
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 12 07:42:03 BST 2019
Hi Tony,
On Thu, Apr 11, 2019 at 10:20:32PM -0700, tony mancill wrote:
> On Fri, Feb 08, 2019 at 11:37:20PM +0100, Moritz Muehlenhoff wrote:
> > Package: jabref
> > Severity: grave
> > Tags: security
> >
> > This was assigned CVE-2018-1000652:
> > https://github.com/JabRef/jabref/issues/4229
> > https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
>
> Hello Moritz,
>
> Attached is a debdiff to address this CVE in stretch. Please let me
> know how/whether you'd like to proceed. (I could prepare an upload for
> stretch-pu instead if that's preferable.)
>
>
> I have built the binary and tested locally and everything appears to be
> working as expected.
>
> Thanks to Gregor putting this together.
The issue does not warrant a DSA/an update via security[1]. Can you
fix it trough the upcoming point release?
Regards,
Salvatore
[1] https://security-tracker.debian.org/tracker/CVE-2018-1000652
More information about the pkg-java-maintainers
mailing list