Version in base suite: 2.1.8-1 Base version: libxml-security-java_2.1.8-1 Target version: libxml-security-java_2.1.8-1.1~deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libx/libxml-security-java/libxml-security-java_2.1.8-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libx/libxml-security-java/libxml-security-java_2.1.8-1.1~deb13u1.dsc changelog | 15 +++++++++++++++ patches/0001-Logging-improvements.patch | 24 ++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 40 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp648k6z2m/libxml-security-java_2.1.8-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp648k6z2m/libxml-security-java_2.1.8-1.1~deb13u1.dsc: no acceptable signature found diff -Nru libxml-security-java-2.1.8/debian/changelog libxml-security-java-2.1.8/debian/changelog --- libxml-security-java-2.1.8/debian/changelog 2024-01-03 14:36:06.000000000 +0000 +++ libxml-security-java-2.1.8/debian/changelog 2026-05-09 12:43:44.000000000 +0000 @@ -1,3 +1,18 @@ +libxml-security-java (2.1.8-1.1~deb13u1) trixie; urgency=medium + + * Non-maintainer upload. + * Rebuild for trixie. + + -- Adrian Bunk Sat, 09 May 2026 15:43:44 +0300 + +libxml-security-java (2.1.8-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2023-44483: Private Key disclosure in debug-log output + (Closes: #1059313) + + -- Adrian Bunk Thu, 07 May 2026 14:46:58 +0300 + libxml-security-java (2.1.8-1) unstable; urgency=medium * Removed the -java-doc package diff -Nru libxml-security-java-2.1.8/debian/patches/0001-Logging-improvements.patch libxml-security-java-2.1.8/debian/patches/0001-Logging-improvements.patch --- libxml-security-java-2.1.8/debian/patches/0001-Logging-improvements.patch 1970-01-01 00:00:00.000000000 +0000 +++ libxml-security-java-2.1.8/debian/patches/0001-Logging-improvements.patch 2026-05-07 11:46:31.000000000 +0000 @@ -0,0 +1,24 @@ +From acd0d1e92e7c96b70c4fa19e74640b89cacf77dd Mon Sep 17 00:00:00 2001 +From: Sean Mullan +Date: Fri, 6 Oct 2023 09:40:14 -0400 +Subject: Logging improvements. + +--- + .../org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java +index ce2e5445..5570427c 100644 +--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java ++++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java +@@ -296,7 +296,6 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod { + } + signature.initSign((PrivateKey)key); + LOG.debug("Signature provider: {}", signature.getProvider()); +- LOG.debug("Signing with key: {}", key); + LOG.debug("JCA Algorithm: {}", getJCAAlgorithm()); + + try (SignerOutputStream outputStream = new SignerOutputStream(signature)) { +-- +2.47.3 + diff -Nru libxml-security-java-2.1.8/debian/patches/series libxml-security-java-2.1.8/debian/patches/series --- libxml-security-java-2.1.8/debian/patches/series 2024-01-03 13:56:29.000000000 +0000 +++ libxml-security-java-2.1.8/debian/patches/series 2026-05-07 11:46:58.000000000 +0000 @@ -1,3 +1,4 @@ no-errorprone.patch exclude-tests.patch remove-XMLUtilsPerformanceTest.java.patch +0001-Logging-improvements.patch