CLSA-2026-1777296725 Fix CVE(s): CVE-2026-35414
SECURITY UPDATE: mishandling of authorizedkeys principals option - debian/patches/CVE-2026-35414.patch: replace matchlist with xstrdup + strsep + exact strcmp in matchprincipalsoption in auth2-pubkey.c, so certificate principals containing embedded commas are no longer wrongly cross-matched. -...