Skip to content

[Deepin Integration]~[v25-Release] fix(openssh): CVE-2026-35387/35388/35414 security fixes (backport) by deepin-ci-robot@deepin-community/openssh by deepin-community-ci-bot[bot] #13433

Open
Open
[Deepin Integration]~[v25-Release] fix(openssh): CVE-2026-35387/35388/35414 security fixes (backport) by deepin-ci-robot@deepin-community/openssh by deepin-community-ci-bot[bot]#13433
Assignees
Zeno-solehudeng-go
Labels
Project:integrated集成管理相关
Milestone
v25-Release
@deepin-bot

Description

@deepin-bot
deepin-bot
bot
opened on Jun 11, 2026

Package information | 软件包信息

包名 版本
openssh 1:9.9p2-0deepin8

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-4149/testing/ ./

Changelog | 更新信息

openssh (1:9.9p2-0deepin8) unstable; urgency=medium

  • Security fixes:
    • d/p/0039-upstream-CVE-2026-35388-mux-askpass.patch
      Add missing ControlMaster ask/autoask check for proxy mode multiplexing
      Fixes: CVE-2026-35388
    • d/p/0040-upstream-CVE-2026-35387-35414-ecdsa-principals.patch
      Correctly match ECDSA signature algorithms against algorithm allowlists;
      fix authorized_keys principals option matching with comma characters
      Fixes: CVE-2026-35387, CVE-2026-35414

Metadata

Metadata

Assignees

Labels

Project:integrated集成管理相关

Type

No type

Fields

No fields configured for issues without a type.

Projects

集成管理
Status
In progress

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions