Your message dated Sat, 16 May 2026 11:07:42 +0000
with message-id <[email protected]>
and subject line Released with 12.14
has caused the Debian Bug report #1136094,
regarding bookworm-pu: package libxml-security-java/2.1.7-3+deb12u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1136094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136094
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:libxml-security-java
User: [email protected]
Usertags: pu
* CVE-2023-44483: Private Key disclosure in debug-log output
(Closes: #1059313)
diffstat for libxml-security-java-2.1.7 libxml-security-java-2.1.7
changelog | 8 ++++++++
patches/0001-Logging-improvements.patch | 24 ++++++++++++++++++++++++
patches/series | 1 +
3 files changed, 33 insertions(+)
diff -Nru libxml-security-java-2.1.7/debian/changelog
libxml-security-java-2.1.7/debian/changelog
--- libxml-security-java-2.1.7/debian/changelog 2023-01-22 19:31:41.000000000
+0200
+++ libxml-security-java-2.1.7/debian/changelog 2026-05-09 16:15:20.000000000
+0300
@@ -1,3 +1,11 @@
+libxml-security-java (2.1.7-3+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2023-44483: Private Key disclosure in debug-log output
+ (Closes: #1059313)
+
+ -- Adrian Bunk <[email protected]> Sat, 09 May 2026 16:15:20 +0300
+
libxml-security-java (2.1.7-3) unstable; urgency=medium
* Team upload
diff -Nru
libxml-security-java-2.1.7/debian/patches/0001-Logging-improvements.patch
libxml-security-java-2.1.7/debian/patches/0001-Logging-improvements.patch
--- libxml-security-java-2.1.7/debian/patches/0001-Logging-improvements.patch
1970-01-01 02:00:00.000000000 +0200
+++ libxml-security-java-2.1.7/debian/patches/0001-Logging-improvements.patch
2026-05-09 16:14:45.000000000 +0300
@@ -0,0 +1,24 @@
+From bfefaed07eb583b5048ac1639bb45eaef21dcc94 Mon Sep 17 00:00:00 2001
+From: Sean Mullan <[email protected]>
+Date: Fri, 6 Oct 2023 09:40:14 -0400
+Subject: Logging improvements.
+
+---
+ .../org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git
a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
+index bf3d86d7..0e1db58a 100644
+---
a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
++++
b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
+@@ -261,7 +261,6 @@ public abstract class DOMSignatureMethod extends
AbstractDOMSignatureMethod {
+ }
+ signature.initSign((PrivateKey)key);
+ LOG.debug("Signature provider: {}", signature.getProvider());
+- LOG.debug("Signing with key: {}", key);
+ LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
+
+ try (SignerOutputStream outputStream = new
SignerOutputStream(signature)) {
+--
+2.47.3
+
diff -Nru libxml-security-java-2.1.7/debian/patches/series
libxml-security-java-2.1.7/debian/patches/series
--- libxml-security-java-2.1.7/debian/patches/series 2023-01-22
18:15:12.000000000 +0200
+++ libxml-security-java-2.1.7/debian/patches/series 2026-05-09
16:15:20.000000000 +0300
@@ -1,3 +1,4 @@
no-errorprone.patch
exclude-tests.patch
remove-XMLUtilsPerformanceTest.java.patch
+0001-Logging-improvements.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 12.14
This update has been released as part of Debian 12.14.
--- End Message ---
