debian/changelog

 jabref (3.8.2+ds-12) UNRELEASED; urgency=medium
 
-  TODO: FTBFS with
-  /build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:16: error: package org.slf4j does not exist
-  import org.slf4j.Logger;
-                  ^
-  etc.
-
   * Add patch from upstream commit to fix CVE-2018-1000652: XML External
     Entity attack.
     Thanks to Moritz Muehlenhoff for the bug report. (Closes: #921772)

debian/patches/100_CVE-2018-1000652_XXE-vulnerability.patch

@@ -24,8 +24,8 @@ Bug: https://github.com/JabRef/jabref/issues/4229
  import net.sf.jabref.logic.msbib.MSBibDatabase;
  import net.sf.jabref.logic.util.FileExtensions;
  
-+import org.slf4j.Logger;
-+import org.slf4j.LoggerFactory;
++import org.apache.commons.logging.Log;
++import org.apache.commons.logging.LogFactory;
  import org.w3c.dom.Document;
  import org.xml.sax.InputSource;
  
@@ -33,7 +33,7 @@ Bug: https://github.com/JabRef/jabref/issues/4229
   */
  public class MsBibImporter extends Importer {
  
-+    private static final Logger LOGGER = LoggerFactory.getLogger(MsBibImporter.class);
++    private static final Log LOGGER = LogFactory.getLog(MsBibImporter.class);
 +    private static final String DISABLEDTD = "http://apache.org/xml/features/disallow-doctype-decl";
 +    private static final String DISABLEEXTERNALDTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
 +
@@ -73,7 +73,7 @@ Bug: https://github.com/JabRef/jabref/issues/4229
 +            dBuild.setExpandEntityReferences(false);
 +
 +        } catch (ParserConfigurationException e) {
-+            LOGGER.warn("Builder not fully configured. Feature:'{}' is probably not supported by current XML processor. {}", feature, e);
++            LOGGER.warn("Builder not fully configured. Feature:'" + feature + "' is probably not supported by current XML processor.", e);
 +        }
 +
 +        return dBuild;