CLSA-2026-1777567965 openssh: Fix of CVE-2026-35385
CVE-2026-35385: when downloading files as root in legacy -O mode and without the -p preserve modes flag, scp1 did not clear setuid/setgid bits from downloaded files. Backport upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case...