Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-792n-jkzj-qqhd In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode). CVE-2026-35385
VCID-8efr-budq-6bb6 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. CVE-2026-35414
VCID-a4eq-r71a-buhm In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config. CVE-2026-35386
VCID-ajmg-5kgx-k7h5 openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables CVE-2026-3497
VCID-bnrq-2fsr-mfgd OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. CVE-2026-35388
VCID-kgn5-p8kx-qucj OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. CVE-2026-35387

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:07:42.170300+00:00 Debian Importer Fixing VCID-792n-jkzj-qqhd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:05:40.512509+00:00 Debian Importer Fixing VCID-8efr-budq-6bb6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:51:17.468971+00:00 Debian Importer Fixing VCID-kgn5-p8kx-qucj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:16:30.660979+00:00 Debian Importer Fixing VCID-ajmg-5kgx-k7h5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:27:50.406343+00:00 Debian Importer Fixing VCID-a4eq-r71a-buhm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:46:37.159757+00:00 Debian Importer Fixing VCID-bnrq-2fsr-mfgd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:01:44.682507+00:00 Debian Importer Fixing VCID-792n-jkzj-qqhd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:16:01.272669+00:00 Debian Importer Fixing VCID-8efr-budq-6bb6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:05:31.919685+00:00 Debian Importer Fixing VCID-kgn5-p8kx-qucj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:40:10.162383+00:00 Debian Importer Fixing VCID-ajmg-5kgx-k7h5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:03:37.521798+00:00 Debian Importer Fixing VCID-a4eq-r71a-buhm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T05:45:21.227831+00:00 Debian Importer Fixing VCID-bnrq-2fsr-mfgd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-08T19:05:45.728134+00:00 Debian Importer Fixing VCID-ajmg-5kgx-k7h5 https://security-tracker.debian.org/tracker/data/json 38.1.0