Your message dated Sun, 24 May 2026 21:33:47 +0000
with message-id <[email protected]>
and subject line Bug#1137516: fixed in golang-go.crypto 1:0.52.0-1
has caused the Debian Bug report #1137516,
regarding golang-go.crypto: CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 
CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834 
CVE-2026-39835 CVE-2026-42508 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1137516: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang-go.crypto
Version: 1:0.50.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for golang-go.crypto.

I make it RC as the update to 0.52.0 upstream would cover a
substantial set of CVEs to be fixed for forky.

CVE-2026-39827[0]:
| An authenticated SSH client that repeatedly opened channels which
| were rejected by the server caused unbounded memory growth,
| eventually crashing the server process and affecting all connected
| users. Rejected channels are now properly removed from the
| connection's internal state and released for garbage collection.


CVE-2026-39828[1]:
| When an SSH server authentication callback returned
| PartialSuccessError with non-nil Permissions, those permissions were
| silently discarded, potentially dropping certificate restrictions
| such as force-command after a second factor succeeded. Returning
| non-nil Permissions with PartialSuccessError now results in a
| connection error.


CVE-2026-39829[2]:
| The RSA and DSA public key parsers did not enforce size limits on
| key parameters. A crafted public key with an excessively large
| modulus or DSA parameter could cause several minutes of CPU
| consumption during signature verification. This could be triggered
| by unauthenticated clients during public key authentication. RSA
| moduli are now limited to 8192 bits, and DSA parameters are
| validated per FIPS 186-2.


CVE-2026-39830[3]:
| A malicious SSH peer could send unsolicited global request responses
| to fill an internal buffer, blocking the connection's read loop. The
| blocked goroutine could not be released by calling Close(),
| resulting in a resource leak per connection. Unsolicited global
| responses are now discarded.


CVE-2026-39831[4]:
| The Verify() method for FIDO/U2F security key types (sk-ecdsa-
| [email protected], [email protected]) did not check
| the User Presence flag. Signatures generated without physical touch
| were accepted, allowing unattended use of a hardware security key.
| To restore the previous behavior, return a "no-touch-required"
| extension in Permissions.Extensions from PublicKeyCallback.


CVE-2026-39832[5]:
| When adding a key to a remote agent constraint extensions such as
| [email protected] were not serialized in the
| request. Destination restrictions were silently stripped when
| forwarding keys, allowing unrestricted use of the key on the remote
| host. The client now serializes all constraint extensions.
| Additionally, the in-memory keyring returned by NewKeyring() now
| rejects keys with unsupported constraint extensions instead of
| silently ignoring them.


CVE-2026-39833[6]:
| The in-memory keyring returned by NewKeyring() silently accepted
| keys with the ConfirmBeforeUse constraint but never enforced it. The
| key would sign without any confirmation prompt, with no indication
| to the caller that the constraint was not in effect. NewKeyring()
| now returns an error when unsupported constraints are requested.


CVE-2026-39834[7]:
| When writing data larger than 4GB in a single Write call on an SSH
| channel, an integer overflow in the internal payload size
| calculation caused the write loop to spin indefinitely, sending
| empty packets without making progress. The size comparison now uses
| int64 to prevent truncation.


CVE-2026-39835[8]:
| SSH servers which use CertChecker as a public key callback without
| setting IsUserAuthority or IsHostAuthority could be caused to panic
| by a client presenting a certificate. CertChecker now returns an
| error instead of panicking when these callbacks are nil.


CVE-2026-42508[9]:
| Previously, a revoked 'SignatureKey' belonging to a CA was not
| correctly checked for revocation. Now, both the 'key' and
| 'key.SignatureKey' are checked for @revoked.


CVE-2026-46595[10]:
| Previously, CVE-2024-45337 fixed an authorization bypass for misused
| ssh server configurations; if any other type of callback is passed
| other than public key, then the source-address validation would be
| skipped.


CVE-2026-46597[11]:
| An incorrectly placed cast from bytes to int allowed for server-side
| panic in the AES-GCM packet decoder for well-crafted inputs.


CVE-2026-46598[12]:
| For certain crafted inputs, a 'ed25519.PrivateKey' was created by
| casting malformed wire bytes, leading to a panic when used.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-39827
    https://www.cve.org/CVERecord?id=CVE-2026-39827
[1] https://security-tracker.debian.org/tracker/CVE-2026-39828
    https://www.cve.org/CVERecord?id=CVE-2026-39828
[2] https://security-tracker.debian.org/tracker/CVE-2026-39829
    https://www.cve.org/CVERecord?id=CVE-2026-39829
[3] https://security-tracker.debian.org/tracker/CVE-2026-39830
    https://www.cve.org/CVERecord?id=CVE-2026-39830
[4] https://security-tracker.debian.org/tracker/CVE-2026-39831
    https://www.cve.org/CVERecord?id=CVE-2026-39831
[5] https://security-tracker.debian.org/tracker/CVE-2026-39832
    https://www.cve.org/CVERecord?id=CVE-2026-39832
[6] https://security-tracker.debian.org/tracker/CVE-2026-39833
    https://www.cve.org/CVERecord?id=CVE-2026-39833
[7] https://security-tracker.debian.org/tracker/CVE-2026-39834
    https://www.cve.org/CVERecord?id=CVE-2026-39834
[8] https://security-tracker.debian.org/tracker/CVE-2026-39835
    https://www.cve.org/CVERecord?id=CVE-2026-39835
[9] https://security-tracker.debian.org/tracker/CVE-2026-42508
    https://www.cve.org/CVERecord?id=CVE-2026-42508
[10] https://security-tracker.debian.org/tracker/CVE-2026-46595
    https://www.cve.org/CVERecord?id=CVE-2026-46595
[11] https://security-tracker.debian.org/tracker/CVE-2026-46597
    https://www.cve.org/CVERecord?id=CVE-2026-46597
[12] https://security-tracker.debian.org/tracker/CVE-2026-46598
    https://www.cve.org/CVERecord?id=CVE-2026-46598
[13] https://www.openwall.com/lists/oss-security/2026/05/22/6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
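As an added example (not part of the bug report or of golang-go.crypto's own code), a standard-library-only Go check of the kind the CVE-2026-39829 fix describes: it parses an ssh-rsa public key blob and rejects any modulus above 8192 bits before the key ever reaches signature verification. The function names and the constructed test modulus are this example's own assumptions.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/big"
)

const MaxRSAModulusBits = 8192 // the modulus limit the CVE-2026-39829 fix describes

// readString consumes one SSH "string" (uint32 big-endian length, then bytes) from b.
func readString(b []byte) (val, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, fmt.Errorf("truncated ssh string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// CheckRSAPublicKey parses an ssh-rsa blob (string "ssh-rsa", mpint e, mpint n) and rejects an oversized modulus up front.
func CheckRSAPublicKey(blob []byte) (bits int, err error) {
	var fields [3][]byte // key type, public exponent e, modulus n
	for i, rest := 0, blob; i < len(fields); i++ {
		if fields[i], rest, err = readString(rest); err != nil {
			return 0, err
		}
	}
	if string(fields[0]) != "ssh-rsa" {
		return 0, fmt.Errorf("unexpected key type %q", fields[0])
	}
	bits = new(big.Int).SetBytes(fields[2]).BitLen() // a leading 0x00 sign byte adds no bits
	if bits > MaxRSAModulusBits {
		return bits, fmt.Errorf("modulus is %d bits, limit is %d", bits, MaxRSAModulusBits)
	}
	return bits, nil
}

// BuildRSABlob constructs a valid-format blob with modulus 2^(bits-1)+1 (not a real key) so the check runs offline.
func BuildRSABlob(bits int) []byte {
	n := new(big.Int).SetBit(new(big.Int).Lsh(big.NewInt(1), uint(bits-1)), 0, 1)
	b := append(binary.BigEndian.AppendUint32(nil, 7), "ssh-rsa"...)
	for _, v := range []*big.Int{big.NewInt(65537), n} {
		m := v.Bytes()
		if m[0]&0x80 != 0 { // mpint rule: add a 0x00 sign byte so the value stays positive
			m = append([]byte{0}, m...)
		}
		b = append(binary.BigEndian.AppendUint32(b, uint32(len(m))), m...)
	}
	return b
}
```

In a server, a check like this belongs at the point where the public key blob is parsed, so an unauthenticated client cannot force minutes of big-number arithmetic with an oversized key.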
--- Begin Message ---
Source: golang-go.crypto
Source-Version: 1:0.52.0-1
Done: Simon Josefsson <[email protected]>

We believe that the bug you reported is fixed in the latest version of
golang-go.crypto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Josefsson <[email protected]> (supplier of updated golang-go.crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 May 2026 22:57:56 +0200
Source: golang-go.crypto
Architecture: source
Version: 1:0.52.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Simon Josefsson <[email protected]>
Closes: 1137516
Changes:
 golang-go.crypto (1:0.52.0-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream (Closes: #1137516)
     - CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830
       CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834
       CVE-2026-39835 CVE-2026-42508 CVE-2026-46595 CVE-2026-46597
       CVE-2026-46598
   * Bump upstream copyright years
Git-Tag-Info: tag=69fad9b091deb58a64d2e83fdab751550d63aa27 fp=a3cc9c870b9d310abad4cf2f51722b08fe4745a2
Git-Tag-Tagger: Simon Josefsson <[email protected]>




--- End Message ---
