On Fri, 08 Feb 2019 23:37:20 +0100, Moritz Muehlenhoff wrote: > This was assigned CVE-2018-1000652: > https://github.com/JabRef/jabref/issues/4229 > https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
Thanks Moritz.
I've added a slightly adjusted and trimmed-down version of the of
upstream commit to git.
Which fails to build with
/build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:16:
error: package org.slf4j does not exist
import org.slf4j.Logger;
^
/build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:17:
error: package org.slf4j does not exist
import org.slf4j.LoggerFactory;
^
/build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:29:
error: cannot find symbol
private static final Logger LOGGER =
LoggerFactory.getLogger(MsBibImporter.class);
^
symbol: class Logger
location: class MsBibImporter
Seems like we either need a new build dependency, or remove the
logging part, or rewrite it … I'd be grateful for help from Java
experts :)
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- NP: Eagles
signature.asc
Description: Digital Signature
