Bug#921772: CVE-2018-1000652
gregor herrmann
gregoa at debian.org
Sat Feb 9 00:11:52 GMT 2019
On Fri, 08 Feb 2019 23:37:20 +0100, Moritz Muehlenhoff wrote:
> This was assigned CVE-2018-1000652:
> https://github.com/JabRef/jabref/issues/4229
> https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
Thanks Moritz.
I've added a slightly adjusted and trimmed-down version of the of
upstream commit to git.
Which fails to build with
/build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:16: error: package org.slf4j does not exist
import org.slf4j.Logger;
^
/build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:17: error: package org.slf4j does not exist
import org.slf4j.LoggerFactory;
^
/build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:29: error: cannot find symbol
private static final Logger LOGGER = LoggerFactory.getLogger(MsBibImporter.class);
^
symbol: class Logger
location: class MsBibImporter
Seems like we either need a new build dependency, or remove the
logging part, or rewrite it … I'd be grateful for help from Java
experts :)
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- NP: Eagles
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: Digital Signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20190209/dac04a72/attachment.sig>
More information about the pkg-java-maintainers
mailing list