Register | Log in

libssh2

Choose email to subscribe with

general

source: libssh2 (main)
version: 1.11.1-3
maintainer: Nicolas Mora (DMD)
arch: any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.9.0-2+deb11u1
oldstable: 1.10.0-3
stable: 1.11.1-1
testing: 1.11.1-2
unstable: 1.11.1-3

versioned links

1.9.0-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libssh2-1-dev
libssh2-1t64

action needed

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-7598: A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

Created: 2026-05-02 Last update: 2026-05-10 09:31

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-7598: A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

Created: 2026-05-02 Last update: 2026-05-10 09:31

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-7598: (needs triaging) A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-02 Last update: 2026-05-10 09:31

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-7598: (needs triaging) A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-02 Last update: 2026-05-10 09:31

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for libssh2 (1.11.1-2 to 1.11.1-3): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for aria2/1.37.0+debian-4: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for curl/8.20.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for gst-plugins-bad1.0/1.28.2-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: No tests, superficial or marked flaky ♻, s390x: Test triggered
- ∙ ∙ Autopkgtest for libgit-raw-perl/0.90+ds-3: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for libgit2/1.9.2+ds-9: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, loong64: Test triggered, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: Test triggered
- ∙ ∙ Autopkgtest for libnet-ssh2-perl/0.74-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for libsfml/3.1.0+dfsg-3: amd64: Pass, arm64: Pass, i386: Pass, loong64: Failed (not a regression) ♻ (reference ♻), ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for libssh2/1.11.1-3: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for libvirt/12.2.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for medusa/2.3-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for nmap/7.99+dfsg-1: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, loong64: Test triggered, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: Test triggered
- ∙ ∙ Autopkgtest for pgbackrest/2.58.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for rust-cargo-c/0.10.16-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for rust-debcargo/2.8.2-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for rust-libssh2-sys/0.3.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for rustc/1.94.1+dfsg1-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for vlc/3.0.23-3: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libs/libssh2.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ 5 days old (needed 5 days)
- Not considered

news

[2026-05-09] Accepted libssh2 1.11.1-3 (source) into unstable (Nicolas Mora)
[2026-03-21] libssh2 1.11.1-2 MIGRATED to testing (Debian testing watch)
[2026-03-18] Accepted libssh2 1.11.1-2 (source) into unstable (Nicolas Mora)
[2024-10-21] libssh2 1.11.1-1 MIGRATED to testing (Debian testing watch)
[2024-10-18] Accepted libssh2 1.11.1-1 (source) into unstable (Nicolas Mora)
[2024-08-05] libssh2 1.11.0-7 MIGRATED to testing (Debian testing watch)
[2024-08-02] Accepted libssh2 1.11.0-7 (source) into unstable (Nicolas Mora)
[2024-07-29] libssh2 1.11.0-6 MIGRATED to testing (Debian testing watch)
[2024-07-25] Accepted libssh2 1.11.0-6 (source) into unstable (Nicolas Mora)
[2024-05-25] libssh2 1.11.0-5 MIGRATED to testing (Debian testing watch)
[2024-05-22] Accepted libssh2 1.11.0-5 (source) into unstable (Nicolas Mora)
[2024-04-25] libssh2 1.11.0-4.1 MIGRATED to testing (Debian testing watch)
[2024-04-23] Accepted libssh2 1.9.0-2+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Nicolas Mora)
[2024-02-28] Accepted libssh2 1.11.0-4.1 (source) into unstable (Graham Inggs)
[2024-02-02] Accepted libssh2 1.11.0-4.1~exp1 (source) into experimental (Steve Langasek)
[2024-01-09] libssh2 1.11.0-4 MIGRATED to testing (Debian testing watch)
[2024-01-02] Accepted libssh2 1.11.0-4 (source) into unstable (Nicolas Mora)
[2023-12-02] libssh2 1.11.0-3 MIGRATED to testing (Debian testing watch)
[2023-11-29] Accepted libssh2 1.11.0-3 (source) into unstable (Nicolas Mora)
[2023-09-08] Accepted libssh2 1.8.0-2.1+deb10u1 (source) into oldoldstable (Guilhem Moulin)
[2023-07-02] libssh2 1.11.0-2 MIGRATED to testing (Debian testing watch)
[2023-06-25] Accepted libssh2 1.11.0-2 (source) into unstable (Nicolas Mora)
[2023-06-05] Accepted libssh2 1.11.0-1 (source) into experimental (Nicolas Mora)
[2022-03-04] libssh2 1.10.0-3 MIGRATED to testing (Debian testing watch)
[2022-03-02] Accepted libssh2 1.10.0-3 (source) into unstable (Nicolas Mora)
[2021-12-17] Accepted libssh2 1.7.0-1+deb9u2 (source) into oldoldstable (Anton Gladky)
[2021-09-28] libssh2 1.10.0-2 MIGRATED to testing (Debian testing watch)
[2021-09-25] Accepted libssh2 1.10.0-2 (source) into unstable (Nicolas Mora)
[2021-09-01] Accepted libssh2 1.10.0-1 (source) into experimental (Nicolas Mora)
[2021-08-16] libssh2 1.9.0-3 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.11.1-1build2
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing