I mistakenly sent an earlier draft of this email. Here is the correct
message:
These patches address CVE-2016-0739 (libssh) and CVE-2016-0786 (libssh2)
[0].
For libssh, we update to the latest upstream release, 0.7.3 [1].
Guile-ssh depends on a private package of an older version of libssh [2],
These patches address CVE-2016-0739 (libssh) and CVE-2016-0786 (libssh2)
[0].
For libssh, we update to the latest upstream release, 0.7.3.
Guile-ssh depends on a private package of an older version of libssh [1], so
we update that private package to the latest version supported by
guile-ssh, 0.6.
