According to changelog, a couple of the issues sound like security relevant, though I don't know (NULL pointer, overflow). At least, please bump. http://www.libssh2.org/changes.html
Upstream says it's most likely not security relevant, but he hasn't investigated deeper. So I suggest we consider it a normal bump.
It's in. Doesn't look like there are any immediate security issues.