Debian 10223 Published by

A libssh2 regression update has been released for Debian GNU/Linux 7 Extended LTS to fix an issue with the previous update



Package: libssh2
Version: 1.4.2-1.1+deb7u4
Related CVE: CVE-2019-3859
This regression update follows up on an upstream regression update [1] regarding CVE-2019-3859.

With the previous libssh2 package revision, it was observed that user authentication with private/public key pairs would fail under certain circumstances.

[1] https://github.com/libssh2/libssh2/pull/327

For Debian 7 Wheezy, these problems have been fixed in version 1.4.2-1.1+deb7u4.

We recommend that you upgrade your libssh2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/