(We need to keep the old numbering syntax to make versions compare
correctly.)
There are only two consumers in pkgsrc; one of them (remmina and
remmina-plugins) actually needed library version 0.4 or later, and
didn't build the ssh/sftp/nx plugins without. Hydra is also supposed
to build with 0.4.x and later.)
Upstream changelogs:
0.5.4:
CVE-2013-0176 - NULL dereference leads to denial of service
Fixed several NULL pointer dereferences in SSHv1.
Fixed a free crash bug in options parsing.
and for completeness 0.5.3:
This is an important SECURITY and maintenance release in
order to address CVE-2012-4559, CVE-2012-4560, CVE-2012-4561
and CVE-2012-4562.
CVE-2012-4559 - Fix multiple double free() flaws
CVE-2012-4560 - Fix multiple buffer overflow flaws
CVE-2012-4561 - Fix multiple invalid free() flaws
CVE-2012-4562 - Fix multiple improper overflow checks
(...)
Suggested by Noud de Brouwer in wip/libssh and PR pkg/47518, but needed
some changes to PLIST as well as to make "pkg_admin audit" and updates
compare correctly.
55ec1ecd6f