Skip to content

fix(openssh): CVE-2026-35387/35388/35414 security fixes (backport)#19

Closed
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix-cve-openssh-4
Closed

fix(openssh): CVE-2026-35387/35388/35414 security fixes (backport)#19
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix-cve-openssh-4

Conversation

@deepin-ci-robot

@deepin-ci-robot deepin-ci-robot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Backport 3 security fixes from OpenSSH 10.3:

CVE-2026-35386 (shell metachar) partially covered by existing 0035/0037 patches.

All patches verified with quilt fuzz=0.

Co-Authored-By: hudeng hudeng@deepin.org
Generated-By: deepseek-v4-flash

@deepin-ci-robot

deepin-ci-robot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

/hold
因为该quilt包的上游版本号变更,详情见: deepin-community/infra-settings#134

@github-actions

github-actions Bot commented Jun 11, 2026

Copy link
Copy Markdown

TAG Bot

TAG: 1%9.9p2-0deepin8
EXISTED: no
DISTRIBUTION: unstable

@deepin-ci-robot

deepin-ci-robot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tsic404 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Zeno-sole

Zeno-sole commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

/integrate

@deepin-community-ci-bot deepin-community-ci-bot Bot mentioned this pull request Jun 11, 2026
Open
@github-actions

github-actions Bot commented Jun 11, 2026

Copy link
Copy Markdown

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#4149
PrNumber: 4149
PrBranch: auto-integration-27328583777

@deepin-ci-robot deepin-ci-robot force-pushed the fix-cve-openssh-4 branch 4 times, most recently from 8c6d64c to 98f48f6 Compare June 11, 2026 11:15
@deepin-ci-robot @hudeng-go
fix(openssh): CVE-2026-35387/35388/35414 backport security fixes
283e269 
Backport 2 security fixes from OpenSSH 10.3:

- 0039: CVE-2026-35388 - Missing ControlMaster ask/autoask for proxy mode
- 0040: CVE-2026-35387 - ECDSA signature algorithm allowlist matching
       CVE-2026-35414 - authorized_keys principals comma character fix

Co-Authored-By: hudeng <hudeng@deepin.org>
Generated-By: deepseek-v4-flash
@hudeng-go

hudeng-go commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

/integrate

@Zeno-sole Zeno-sole closed this Jun 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenchongbiao chenchongbiao Awaiting requested review from chenchongbiao

@myml myml Awaiting requested review from myml

Assignees

No one assigned

Labels

do-not-merge/hold generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deepin-ci-robot @Zeno-sole @hudeng-go