Bug#921772: CVE-2018-1000652
tony mancill
tmancill at debian.org
Sat Feb 9 17:47:08 GMT 2019
On Sat, Feb 09, 2019 at 01:11:52AM +0100, gregor herrmann wrote:
> On Fri, 08 Feb 2019 23:37:20 +0100, Moritz Muehlenhoff wrote:
>
> > This was assigned CVE-2018-1000652:
> > https://github.com/JabRef/jabref/issues/4229
> > https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
<--snip-->
> private static final Logger LOGGER = LoggerFactory.getLogger(MsBibImporter.class);
> ^
> symbol: class Logger
> location: class MsBibImporter
>
>
> Seems like we either need a new build dependency, or remove the
> logging part, or rewrite it … I'd be grateful for help from Java
> experts :)
Hi Gregor,
Thank you for doing this. I guess upstream switched out the logging
implementation in their patch. I'll push an updated patch this weekend.
Cheers,
tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20190209/7c683613/attachment.sig>
More information about the pkg-java-maintainers
mailing list