diff -Nru phpseclib-1.0.20/debian/changelog phpseclib-1.0.20/debian/changelog
--- phpseclib-1.0.20/debian/changelog	2026-03-24 18:16:23.000000000 +0100
+++ phpseclib-1.0.20/debian/changelog	2026-04-19 11:37:43.000000000 +0200
@@ -1,6 +1,14 @@
+phpseclib (1.0.20-1+deb12u4) bookworm; urgency=medium
+
+  * Fix bug number in previous changelog entry
+  * SSH2: use constant time string comparison in get_binary_packet()
+    [CVE-2026-40194]
+
+ -- David Prévot <taffit@debian.org>  Sun, 19 Apr 2026 11:37:43 +0200
+
 phpseclib (1.0.20-1+deb12u3) bookworm-security; urgency=medium
 
-  * make unpadding constant time [CVE-2026-32935] (Closes: #1131485)
+  * make unpadding constant time [CVE-2026-32935] (Closes: #1131484)
   * X509: fix for weird characters in subjaltname [CVE-2023-52892]
 
  -- David Prévot <taffit@debian.org>  Tue, 24 Mar 2026 18:16:23 +0100
diff -Nru phpseclib-1.0.20/debian/patches/0016-SSH2-use-constant-time-string-comparison-in-get_bina.patch phpseclib-1.0.20/debian/patches/0016-SSH2-use-constant-time-string-comparison-in-get_bina.patch
--- phpseclib-1.0.20/debian/patches/0016-SSH2-use-constant-time-string-comparison-in-get_bina.patch	1970-01-01 01:00:00.000000000 +0100
+++ phpseclib-1.0.20/debian/patches/0016-SSH2-use-constant-time-string-comparison-in-get_bina.patch	2026-04-19 11:37:07.000000000 +0200
@@ -0,0 +1,58 @@
+From: terrafrost <terrafrost@php.net>
+Date: Thu, 9 Apr 2026 18:14:19 -0500
+Subject: SSH2: use constant time string comparison in get_binary_packet():
+
+Origin: backport, https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
+Bug: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2026-40194
+---
+ phpseclib/Net/SSH2.php | 31 ++++++++++++++++++++++++++++++-
+ 1 file changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php
+index 93375df..c90c0e2 100644
+--- a/phpseclib/Net/SSH2.php
++++ b/phpseclib/Net/SSH2.php
+@@ -3686,7 +3686,7 @@ class Net_SSH2
+                 $this->bitmap = 0;
+                 user_error('Error reading socket');
+                 return false;
+-            } elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
++            } elseif (!$this->_equals($hmac, $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding)))) {
+                 user_error('Invalid HMAC');
+                 return false;
+             }
+@@ -5488,4 +5488,33 @@ class Net_SSH2
+     {
+         $this->smartMFA = false;
+     }
++
++    /**
++     * Constant time equality testing
++     *
++     * Pretty much copy / pasted from Crypt/RSA.php
++     *
++     * @access private
++     * @param string $x
++     * @param string $y
++     * @return bool
++     */
++    function _equals($x, $y)
++    {
++        if (function_exists('hash_equals')) {
++            return hash_equals($x, $y);
++        }
++
++        if (strlen($x) != strlen($y)) {
++            return false;
++        }
++
++        $result = "\0";
++        $x^= $y;
++        for ($i = 0; $i < strlen($x); $i++) {
++            $result|= $x[$i];
++        }
++
++        return $result === "\0";
++    }
+ }
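Review bot: The new `_equals` docblock says only "copy / pasted from Crypt/RSA.php" and does not record why the `!=` it replaces at line 3689 was unsafe, which invites a future cleanup reverting to the shorter form; I would add `* Replaces a loose != on the MAC: != short-circuits on the first differing byte (timing side channel) and compares numeric-looking strings numerically, so an attacker-controlled MAC must be checked byte-wise and in constant time.` to the docblock. In the fallback branch, `for ($i = 0; $i < strlen($x); $i++)` recomputes the length on every iteration; hoisting it as `$len = strlen($x);` and looping on `$len` is cheaper and makes the fixed-length iteration explicit. The early length mismatch return (and `hash_equals` itself) leaks only the length, which is acceptable here because the expected MAC length is fixed by the negotiated algorithm — worth a one-line comment so it is not mistaken for a residual leak. If any other MAC or signature comparison in SSH2.php still uses `==`/`!=`, it presumably needs the same treatment; that cannot be confirmed from this hunk.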
diff -Nru phpseclib-1.0.20/debian/patches/series phpseclib-1.0.20/debian/patches/series
--- phpseclib-1.0.20/debian/patches/series	2026-03-24 18:16:23.000000000 +0100
+++ phpseclib-1.0.20/debian/patches/series	2026-04-19 11:37:07.000000000 +0200
@@ -13,3 +13,4 @@
 0013-BigInteger-fix-getLength.patch
 0014-make-unpadding-constant-time.patch
 0015-X509-fix-for-weird-characters-in-subjaltname.patch
+0016-SSH2-use-constant-time-string-comparison-in-get_bina.patch
