ELA-99-2 libssh2 regression update

regression update

Packagelibssh2
Version1.4.2-1.1+deb7u4
Related CVE CVE-2019-3859

This regression update follows up on an upstream regression update [1] regarding CVE-2019-3859.

With the previous libssh2 package revision, it was observed that user authentication with private/public key pairs would fail under certain circumstances.

[1] https://github.com/libssh2/libssh2/pull/327

For Debian 7 Wheezy, these problems have been fixed in version 1.4.2-1.1+deb7u4.

We recommend that you upgrade your libssh2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/