-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 May 2026 11:26:56 +0100
Source: openssh
Binary: openssh-client openssh-client-dbgsym openssh-client-udeb openssh-server openssh-server-dbgsym openssh-server-udeb openssh-sftp-server openssh-sftp-server-dbgsym openssh-tests openssh-tests-dbgsym ssh-askpass-gnome ssh-askpass-gnome-dbgsym
Architecture: arm64
Version: 1:9.2p1-2+deb12u10
Distribution: bookworm
Urgency: medium
Maintainer: arm64 Build Daemon (arm-ubc-05) <buildd_arm64-arm-ubc-05@buildd.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 openssh-tests - OpenSSH regression tests
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Closes: 1132572 1132573 1132574 1132575 1132576
Changes:
 openssh (1:9.2p1-2+deb12u10) bookworm; urgency=medium
 .
   * Backport minor security fixes from 10.3p1:
     - ssh(1): the -J and equivalent -oProxyJump="..." options now validate
       user and host names for ProxyJump/-J options passed via the
       command-line (no such validation is performed for this option in
       configuration files). This prevents shell injection in situations
       where these were directly exposed to adversarial input, which would
       have been a terrible idea to begin with.
     - CVE-2026-35386: ssh(1): validation of shell metacharacters in user
       names supplied on the command-line was performed too late to prevent
       some situations where they could be expanded from %-tokens in
       ssh_config. For certain configurations, such as those that use a "%u"
       token in a "Match exec" block, an attacker who can control the user
       name passed to ssh(1) could potentially execute arbitrary shell
       commands. Reported by Florian Kohnhäuser (closes: #1132573).
       We continue to recommend against directly exposing ssh(1) and other
       tools' command-lines to untrusted input. Mitigations such as this can
       not be absolute given the variety of shells and user configurations in
       use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate, an
       incorrect algorithm was used that could allow inappropriate matching
       in cases where a principal name in the certificate contains a comma
       character. Exploitation of the condition requires an authorized_keys
       principals="" option that lists more than one principal *and* a CA
       that will issue a certificate that encodes more than one of these
       principal names separated by a comma (typical CAs strongly constrain
       which principal names they will place in a certificate). This
       condition only applies to user-trusted CA keys in authorized_keys,
       the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected. Reported
       by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit (closes:
       #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously if one of these directives contains any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other ECDSA
       algorithm would be accepted in its place regardless of whether it was
       listed or not.  Reported by Christos Papakonstantinou of Cantina and
       Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested for
       proxy mode multiplexing sessions (i.e. "ssh -O proxy ..."). Reported
       by Michalis Vasileiadis (closes: #1132575).
Files:
 ea75d56d6892a4cb877bef3126f6ec3d 3787028 debug optional openssh-client-dbgsym_9.2p1-2+deb12u10_arm64.deb
 4fa8b2cb131690e4c5f74971ae5d5821 337432 debian-installer optional openssh-client-udeb_9.2p1-2+deb12u10_arm64.udeb
 199715bc18208d2e263765f850a6e8a6 934580 net standard openssh-client_9.2p1-2+deb12u10_arm64.deb
 1d343134dfc1641a389aca7603774b97 943952 debug optional openssh-server-dbgsym_9.2p1-2+deb12u10_arm64.deb
 36ba20c9864e94d6de98ef59d718842e 352568 debian-installer optional openssh-server-udeb_9.2p1-2+deb12u10_arm64.udeb
 389db7dfb562f9b4c1b7203bdf754cbe 412488 net optional openssh-server_9.2p1-2+deb12u10_arm64.deb
 b454ed94a877d457e713e39215c5fd2f 166840 debug optional openssh-sftp-server-dbgsym_9.2p1-2+deb12u10_arm64.deb
 c317af3098c9ca4222d48e55631f4a3e 60252 net optional openssh-sftp-server_9.2p1-2+deb12u10_arm64.deb
 7d1aa21b9c503d506d48ec274a1dc1bf 2959836 debug optional openssh-tests-dbgsym_9.2p1-2+deb12u10_arm64.deb
 513e1a946514931cdb653f6e33075b34 1017552 net optional openssh-tests_9.2p1-2+deb12u10_arm64.deb
 e17201977e61d75a0a939099b2a2aad4 18825 net standard openssh_9.2p1-2+deb12u10_arm64-buildd.buildinfo
 11ceb2b4244bdd5885cbc9f37b10e82a 16992 debug optional ssh-askpass-gnome-dbgsym_9.2p1-2+deb12u10_arm64.deb
 d0be4a72d0dbe9e5ce699794f6ee7387 189092 gnome optional ssh-askpass-gnome_9.2p1-2+deb12u10_arm64.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
