-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 May 2026 13:33:32 +0100
Source: openssh
Architecture: source
Version: 1:10.0p1-7+deb13u4
Distribution: trixie
Urgency: medium
Maintainer: Debian OpenSSH Maintainers
Changed-By: Colin Watson
Closes: 1130595 1132572 1132573 1132574 1132575 1132576 1135798
Changes:
 openssh (1:10.0p1-7+deb13u4) trixie; urgency=medium
 .
   * Don't reuse c->isatty for signalling that the remote channel has a tty
     attached (closes: #1135798).
 .
 openssh (1:10.0p1-7+deb13u3) trixie; urgency=medium
 .
   * Backport minor security fixes from 10.3p1:
     - ssh(1): the -J and equivalent -oProxyJump="..." options now validate
       user and host names for ProxyJump/-J options passed via the
       command-line (no such validation is performed for this option in
       configuration files). This prevents shell injection in situations
       where these were directly exposed to adversarial input, which would
       have been a terrible idea to begin with.
     - CVE-2026-35386: ssh(1): validation of shell metacharacters in user
       names supplied on the command-line was performed too late to prevent
       some situations where they could be expanded from %-tokens in
       ssh_config. For certain configurations, such as those that use a
       "%u" token in a "Match exec" block, an attacker who can control the
       user name passed to ssh(1) could potentially execute arbitrary shell
       commands. Reported by Florian Kohnhäuser (closes: #1132573).
       We continue to recommend against directly exposing ssh(1) and other
       tools' command-lines to untrusted input. Mitigations such as this
       can not be absolute given the variety of shells and user
       configurations in use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate,
       an incorrect algorithm was used that could allow inappropriate
       matching in cases where a principal name in the certificate contains
       a comma character. Exploitation of the condition requires an
       authorized_keys principals="" option that lists more than one
       principal *and* a CA that will issue a certificate that encodes more
       than one of these principal names separated by a comma (typical CAs
       strongly constrain which principal names they will place in a
       certificate). This condition only applies to user-trusted CA keys in
       authorized_keys, the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected.
       Reported by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit
       (closes: #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously if one of these directives contains any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other
       ECDSA algorithm would be accepted in its place regardless of whether
       it was listed or not. Reported by Christos Papakonstantinou of
       Cantina and Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested
       for proxy mode multiplexing sessions (i.e. "ssh -O proxy ...").
       Reported by Michalis Vasileiadis (closes: #1132575).
   * Cherry-pick IPQoS handling updates from upstream:
     - Set default IPQoS for interactive sessions to Expedited Forwarding
       (EF).
     - Deprecate support for IPv4 type-of-service (TOS) IPQoS keywords.
     - Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS)
       continually at runtime based on what sessions/channels are open.
     - Correctly set extended type for client-side channels. Fixes
       interactive vs bulk IPQoS for client->server traffic.
 .
 openssh (1:10.0p1-7+deb13u2) trixie-security; urgency=medium
 .
   * CVE-2026-3497: Fix incorrect GSS-API error handling; Replace incorrect
     use of sshpkt_disconnect() with ssh_packet_disconnect(), and properly
     initialize some variables (closes: #1130595; thanks, Marc Deslauriers).
Checksums-Sha1:
 7651f1e593d7286556598700aa1bbc38273616bf 3763 openssh_10.0p1-7+deb13u4.dsc
 5322cbd663e2d9e72726ec01a88ebd49c767a517 215600 openssh_10.0p1-7+deb13u4.debian.tar.xz
 d2fd5a034e631437412375c4e17168279c4b5489 53237612 openssh_10.0p1-7+deb13u4.git.tar.xz
 76f6ec4023fbdb12a1579021648e6423a98a6bc6 17386 openssh_10.0p1-7+deb13u4_source.buildinfo
Checksums-Sha256:
 73fed3fd77d60925ed342bcb0afd3c037e4ea0d39333107bf617aa90f859910f 3763 openssh_10.0p1-7+deb13u4.dsc
 102e1065030c6002acabd7f896eeba1462bf54b4d7393bac34b0308312868ec6 215600 openssh_10.0p1-7+deb13u4.debian.tar.xz
 68618631cc634059a9b061321af098fa29986cf67b1423a04f1b68b2cfa30efd 53237612 openssh_10.0p1-7+deb13u4.git.tar.xz
 aa0756d97dae64a0e31a2043e5cd0928c9ee22c8beafd9403d522d56063ca939 17386 openssh_10.0p1-7+deb13u4_source.buildinfo
Files:
 1d2c0582504849dd95fa0e3f1bcf1986 3763 net standard openssh_10.0p1-7+deb13u4.dsc
 cd617a64903b9e5e723c21983348b5e0 215600 net standard openssh_10.0p1-7+deb13u4.debian.tar.xz
 69cf6f3da54f68154078205636179525 53237612 net standard openssh_10.0p1-7+deb13u4.git.tar.xz
 d0e1c20b5c1efc602524612a18a720a3 17386 net standard openssh_10.0p1-7+deb13u4_source.buildinfo
Git-Tag-Info: tag=1d2a4689aeb611f9744c168417a8f213d84a2348 fp=ac0a4ff12611b6fccf01c111393587d97d86500b
Git-Tag-Tagger: Colin Watson

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmn7NjkACgkQYG0ITkaD
wHkzBBAAtWjjdK5WLBVsDDlpldOgN2V0/nmlnkFGIGL3ajUhQ6ChVTGxxnkpUrib
9o1U42KQO0avc0lovzjTZATfWZvC45wTs0+BRFz1EwJe1QFkVqTecJSegDBPA/um
EE6JiV9arLWTkEoOOrtf+i16m2f1kRNStOenP9D/f/08Qnu3nnudWmQAIcTQdU/e
3jB+ulrHMhXI0I+L8h9oPCAm3Bb/cqsJ7s67tysApFymE0FHu8DffA6WlzTIfBBA
vZcGT10MpLLztSpgWIIh0EXWM/BNi4KYOXFEjXFgtbXhb7JfOMedh0/oF1zIx1NS
o37gqgMszP+tmbF4HQhWokl17W0+0Jh0jvDMUgxltzc0kprvLiPQ6oE2DWiw+pcH
3GCdqhsj+t/xAOzZquyN1ilQFuwLD5PftSSe2CDbzw+viyKSP4OyJFEn8I4jeCbH
oetg90ghxOiC4/Lvt9wiXKMWF0aMqNpCpdQOdSrrS+W3lQuI7XGHtT1h0LD8GRrS
OhC77AhpFQQsvLirUw39/XBDYesEbUnp4il89rvSx2oO5+bldf6a11CoSnyKKeSd
hpwlRXMn4nDcdW/HpF/0cGeGyVezbgdGUlNjvs57bSF16iFQ7lVRb5SEcnUzHExE
RfDnqA4DZx/4Dr574BOlEN3SomFTZq4EmkUNFl0I6+sIE5UjwRk=
=LYOe
-----END PGP SIGNATURE-----