As per https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions in Ubuntu we do not generally upgrade software package versions to fix security vulnerabilityies - instead we backport patches to fix the issue directly on the existing version of the package in the respective Ubuntu release. So libssh2 will not be upgraded to fix this CVE.
As per https:/ /wiki.ubuntu. com/SecurityTea m/FAQ#Versions in Ubuntu we do not generally upgrade software package versions to fix security vulnerabilityies - instead we backport patches to fix the issue directly on the existing version of the package in the respective Ubuntu release. So libssh2 will not be upgraded to fix this CVE.