Hi Tony, On Thu, Apr 11, 2019 at 10:20:32PM -0700, tony mancill wrote: > On Fri, Feb 08, 2019 at 11:37:20PM +0100, Moritz Muehlenhoff wrote: > > Package: jabref > > Severity: grave > > Tags: security > > > > This was assigned CVE-2018-1000652: > > https://github.com/JabRef/jabref/issues/4229 > > https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e > > Hello Moritz, > > Attached is a debdiff to address this CVE in stretch. Please let me > know how/whether you'd like to proceed. (I could prepare an upload for > stretch-pu instead if that's preferable.) > > > I have built the binary and tested locally and everything appears to be > working as expected. > > Thanks to Gregor putting this together.
The issue does not warrant a DSA/an update via security[1]. Can you fix it trough the upcoming point release? Regards, Salvatore [1] https://security-tracker.debian.org/tracker/CVE-2018-1000652
