-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 May 2026 11:26:56 +0100
Source: openssh
Binary: openssh-client openssh-client-dbgsym openssh-client-udeb openssh-server openssh-server-dbgsym openssh-server-udeb openssh-sftp-server openssh-sftp-server-dbgsym openssh-tests openssh-tests-dbgsym ssh-askpass-gnome ssh-askpass-gnome-dbgsym
Architecture: armhf
Version: 1:9.2p1-2+deb12u10
Distribution: bookworm
Urgency: medium
Maintainer: armhf Build Daemon (arm-ubc-04) <buildd_arm64-arm-ubc-04@buildd.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 openssh-tests - OpenSSH regression tests
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Closes: 1132572 1132573 1132574 1132575 1132576
Changes:
 openssh (1:9.2p1-2+deb12u10) bookworm; urgency=medium
 .
   * Backport minor security fixes from 10.3p1:
     - ssh(1): the -J and equivalent -oProxyJump="..." options now validate
       user and host names for ProxyJump/-J options passed via the
       command-line (no such validation is performed for this option in
       configuration files). This prevents shell injection in situations
       where these were directly exposed to adversarial input, which would
       have been a terrible idea to begin with.
     - CVE-2026-35386: ssh(1): validation of shell metacharacters in user
       names supplied on the command-line was performed too late to prevent
       some situations where they could be expanded from %-tokens in
       ssh_config. For certain configurations, such as those that use a "%u"
       token in a "Match exec" block, an attacker who can control the user
       name passed to ssh(1) could potentially execute arbitrary shell
       commands. Reported by Florian Kohnhäuser (closes: #1132573).
       We continue to recommend against directly exposing ssh(1) and other
       tools' command-lines to untrusted input. Mitigations such as this can
       not be absolute given the variety of shells and user configurations in
       use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate, an
       incorrect algorithm was used that could allow inappropriate matching
       in cases where a principal name in the certificate contains a comma
       character. Exploitation of the condition requires an authorized_keys
       principals="" option that lists more than one principal *and* a CA
       that will issue a certificate that encodes more than one of these
       principal names separated by a comma (typical CAs strongly constrain
       which principal names they will place in a certificate). This
       condition only applies to user-trusted CA keys in authorized_keys,
       the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected. Reported
       by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit (closes:
       #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously if one of these directives contains any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other ECDSA
       algorithm would be accepted in its place regardless of whether it was
       listed or not.  Reported by Christos Papakonstantinou of Cantina and
       Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested for
       proxy mode multiplexing sessions (i.e. "ssh -O proxy ..."). Reported
       by Michalis Vasileiadis (closes: #1132575).
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
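
An added example, not part of the Debian changelog or of OpenSSH: a Python audit that flags the configuration conditions the changelog names for CVE-2026-35386 (a "%u" token on a "Match exec" line), CVE-2026-35414 (a cert-authority key whose principals="" option lists more than one name) and CVE-2026-35387 (an accepted-algorithms list naming only some ECDSA algorithms). Function names and sample inputs are constructed; only the three plain ecdsa-sha2-nistp* names are checked, and a hit means the condition is present in the file, not that the host is exploitable.

```python
import fnmatch
import re

ECDSA = ("ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
DIRECTIVES = ("pubkeyacceptedalgorithms", "hostbasedacceptedalgorithms")

def _lines(text):
    """Yield (line number, stripped line) for non-blank, non-comment lines."""
    for n, raw in enumerate(text.splitlines(), 1):
        s = raw.strip()
        if s and not s.startswith("#"):
            yield n, s

def audit_ssh_config(text):
    """CVE-2026-35386 condition: an unescaped %u on a 'Match ... exec' line."""
    return [n for n, s in _lines(text)
            if re.match(r"(?i)match\b.*\bexec\b", s) and re.search(r"(?<!%)%u", s)]

def audit_authorized_keys(text):
    """CVE-2026-35414 condition: cert-authority key whose principals="" lists >1 name."""
    hits = []
    for n, s in _lines(text):
        m = re.search(r'(?i)\bprincipals="([^"]*)"', s)
        if m and re.search(r"(?i)\bcert-authority\b", s):
            names = [p for p in m.group(1).split(",") if p]
            if len(names) > 1:
                hits.append((n, names))
    return hits

def audit_sshd_config(text):
    """CVE-2026-35387 condition: explicit list naming some, but not all, ECDSA algorithms."""
    hits = []
    for n, s in _lines(text):
        parts = s.split(None, 1)
        # Lists starting with +, - or ^ modify the default set and are skipped here.
        if len(parts) != 2 or parts[0].lower() not in DIRECTIVES or parts[1][0] in "+-^":
            continue
        pats = [p.strip() for p in parts[1].split(",")]
        listed = [a for a in ECDSA if any(fnmatch.fnmatchcase(a, p) for p in pats)]
        if listed and len(listed) < len(ECDSA):
            hits.append((n, listed))
    return hits

# Constructed sample inputs (not taken from any real host; key blobs are placeholders).
SSH_CONFIG = 'Host *\n  Compression no\nMatch exec "/usr/local/bin/check-user %u"\n'
AUTH_KEYS = ('cert-authority,principals="deploy,backup" ssh-ed25519 AAAA...constructed ca@example\n'
             'cert-authority,principals="deploy" ssh-ed25519 AAAA...constructed ca2@example\n')
SSHD_CONFIG = "PubkeyAcceptedAlgorithms ssh-ed25519,ecdsa-sha2-nistp384\nHostbasedAcceptedAlgorithms +ssh-rsa\n"

if __name__ == "__main__":
    print(audit_ssh_config(SSH_CONFIG), audit_authorized_keys(AUTH_KEYS), audit_sshd_config(SSHD_CONFIG))
```

Each function returns the line numbers (and, where relevant, the listed names) to review; hosts running the fixed package version still benefit from tightening any configuration flagged here.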
