On Tue, Feb 23, 2016 at 04:03:31PM +0000, Salvatore Bonaccorso <car...@debian.org> wrote a message of 50 lines which said:
> Package : libssh2 > CVE ID : CVE-2016-0787 ... > Andreas Schneider reported that libssh2, a SSH2 client-side library, > passes the number of bytes to a function that expects number of bits > during the SSHv2 handshake when libssh2 is to get a suitable value for > 'group order' in the Diffie-Hellman negotiation. This weakens > significantly the handshake security, potentially allowing an > eavesdropper with enough resources to decrypt or intercept SSH sessions. The text in <https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/> says it is CVE-2016-0739?
