Colin Watson uploaded new packages for openssh which fixed the
following security problems:
CVE-2026-3497 (DSA-6204-1)
Jeremy Brown discovered a flaw in the GSSAPI Key Exchange patch
applied in Debian to OpenSSH, an implementation of the SSH
protocol suite, affecting non-default configurations with the
GSSAPIKeyExchange setting enabled. A remote attacker can take
advantage of this flaw to cause a denial of service, or
potentially the execution of arbitrary code.
https://security-tracker.debian.org/tracker/CVE-2026-3497
For the trixie-backports distribution, the problem has been fixed in
version 1:10.2p1-6~bpo13+1.