Your message dated Sun, 10 May 2026 16:33:18 +0000
with message-id <[email protected]>
and subject line Bug#1059313: fixed in libxml-security-java 2.1.8-1.1~deb13u1
has caused the Debian Bug report #1059313,
regarding libxml-security-java: CVE-2023-44483
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1059313: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059313
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml-security-java
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for libxml-security-java.
CVE-2023-44483[0]:
| All versions of Apache Santuario - XML Security for Java prior to
| 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable
| to an issue where a private key may be disclosed in log files when
| generating an XML Signature and logging with debug level is
| enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4,
| or 3.0.3, which fixes this issue.
https://www.openwall.com/lists/oss-security/2023/10/20/5
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-44483
https://www.cve.org/CVERecord?id=CVE-2023-44483
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libxml-security-java
Source-Version: 2.1.8-1.1~deb13u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libxml-security-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated libxml-security-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 09 May 2026 15:43:44 +0300
Source: libxml-security-java
Architecture: source
Version: 2.1.8-1.1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1059313
Changes:
 libxml-security-java (2.1.8-1.1~deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for trixie.
 .
 libxml-security-java (2.1.8-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-44483: Private Key disclosure in debug-log output
     (Closes: #1059313)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---