ah, le premier qui soit si clair, je cite :
This is not a vulnerability in openssh, so it doesn't affect the ssh that we all use every day. libssh2 is a client-side C library, which enables applications to connect to an SSH server. This also isn't a vulnerability in libssh, which is an unrelated C library which provides similar functionality to libssh2.
— Permalink