On Fri, 08 Feb 2019 23:37:20 +0100, Moritz Muehlenhoff wrote: > This was assigned CVE-2018-1000652: > https://github.com/JabRef/jabref/issues/4229 > https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
Thanks Moritz. I've added a slightly adjusted and trimmed-down version of the of upstream commit to git. Which fails to build with /build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:16: error: package org.slf4j does not exist import org.slf4j.Logger; ^ /build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:17: error: package org.slf4j does not exist import org.slf4j.LoggerFactory; ^ /build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:29: error: cannot find symbol private static final Logger LOGGER = LoggerFactory.getLogger(MsBibImporter.class); ^ symbol: class Logger location: class MsBibImporter Seems like we either need a new build dependency, or remove the logging part, or rewrite it … I'd be grateful for help from Java experts :) Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `- NP: Eagles
signature.asc
Description: Digital Signature