-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 May 2026 11:26:56 +0100
Source: openssh
Binary: openssh-client openssh-client-dbgsym openssh-client-udeb openssh-server openssh-server-dbgsym openssh-server-udeb openssh-sftp-server openssh-sftp-server-dbgsym openssh-tests openssh-tests-dbgsym ssh-askpass-gnome ssh-askpass-gnome-dbgsym
Architecture: amd64
Version: 1:9.2p1-2+deb12u10
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 openssh-tests - OpenSSH regression tests
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Closes: 1132572 1132573 1132574 1132575 1132576
Changes:
 openssh (1:9.2p1-2+deb12u10) bookworm; urgency=medium
 .
   * Backport minor security fixes from 10.3p1:
     - ssh(1): the -J and equivalent -oProxyJump="..." options now validate
       user and host names for ProxyJump/-J options passed via the
       command-line (no such validation is performed for this option in
       configuration files). This prevents shell injection in situations
       where these were directly exposed to adversarial input, which would
       have been a terrible idea to begin with.
     - CVE-2026-35386: ssh(1): validation of shell metacharacters in user
       names supplied on the command-line was performed too late to prevent
       some situations where they could be expanded from %-tokens in
       ssh_config. For certain configurations, such as those that use a "%u"
       token in a "Match exec" block, an attacker who can control the user
       name passed to ssh(1) could potentially execute arbitrary shell
       commands. Reported by Florian Kohnhäuser (closes: #1132573).
       We continue to recommend against directly exposing ssh(1) and other
       tools' command-lines to untrusted input. Mitigations such as this cannot
       be absolute given the variety of shells and user configurations in
       use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate, an
       incorrect algorithm was used that could allow inappropriate matching
       in cases where a principal name in the certificate contains a comma
       character. Exploitation of the condition requires an authorized_keys
       principals="" option that lists more than one principal *and* a CA
       that will issue a certificate that encodes more than one of these
       principal names separated by a comma (typical CAs strongly constrain
       which principal names they will place in a certificate). This
       condition only applies to user-trusted CA keys in authorized_keys;
       the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected. Reported
       by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit (closes:
       #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously if one of these directives contains any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other ECDSA
       algorithm would be accepted in its place regardless of whether it was
       listed or not.  Reported by Christos Papakonstantinou of Cantina and
       Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested for
       proxy mode multiplexing sessions (i.e. "ssh -O proxy ..."). Reported
       by Michalis Vasileiadis (closes: #1132575).
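A defender-side audit for the two configuration-dependent issues above: "Match exec" blocks in ssh_config that expand %-tokens (CVE-2026-35386) and accepted-algorithm lists in sshd_config that name an ECDSA curve (CVE-2026-35387). This is an added example, not code from the Debian package or from OpenSSH; the token set, the naive comment handling and the sample configs are assumptions.

```python
import re

# Assumptions (constructed audit, not Debian/OpenSSH code): "%u" is the token the
# changelog names; any other %-token in a "Match exec" command is reported too,
# since the fixed defect is late validation of input expanded through %-tokens.
TOKEN_RE = re.compile(r"%[A-Za-z%]")
ECDSA_RE = re.compile(r"ecdsa-sha2-nistp\d+")
ACCEPTED = ("pubkeyacceptedalgorithms", "hostbasedacceptedalgorithms")


def _directives(text):
    """Yield (line_number, words) for each non-comment line of a config."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        words = raw.split("#", 1)[0].split()  # naive: '#' inside quotes ends the line
        if words:
            yield lineno, words

def find_match_exec_tokens(ssh_config):
    """CVE-2026-35386 exposure: %-tokens expanded in a 'Match exec' (ssh_config)."""
    findings = []
    for lineno, words in _directives(ssh_config):
        if words[0].lower() == "match" and "exec" in (w.lower() for w in words[1:]):
            tokens = [t for t in TOKEN_RE.findall(" ".join(words)) if t != "%%"]  # %% is literal
            findings.extend((lineno, t) for t in tokens)
    return findings

def find_ecdsa_restricted_lists(sshd_config):
    """CVE-2026-35387 exposure: accepted-algorithm lists naming an ECDSA curve."""
    findings = []
    for lineno, words in _directives(sshd_config):
        if words[0].lower() in ACCEPTED:
            curves = sorted(set(ECDSA_RE.findall(" ".join(words[1:]))))
            if curves:  # before the fix, every other ECDSA curve was accepted too
                findings.append((lineno, words[0], curves))
    return findings

# Constructed sample configs, not taken from any real host.
SAMPLE_SSH_CONFIG = """\
Host *
    ProxyJump bastion
Match exec "check-access %u %h"   # user name ends up in a shell command
    IdentityFile ~/.ssh/id_ed25519
"""
SAMPLE_SSHD_CONFIG = """\
PubkeyAcceptedAlgorithms ssh-ed25519,ecdsa-sha2-nistp384
HostbasedAcceptedAlgorithms ssh-ed25519
"""

if __name__ == "__main__":
    print(find_match_exec_tokens(SAMPLE_SSH_CONFIG))
    print(find_ecdsa_restricted_lists(SAMPLE_SSHD_CONFIG))
```

Hosts where either function reports a finding should be treated as exposed until the fixed package is installed, and the flagged directives reviewed.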
Checksums-Sha1:
Checksums-Sha256:
Files:
