From upstream: Luxembourg, January 15th, 2016 NoMachine makes available updated packages to prevent an information leak vulnerability in OpenSSH client code (CVE-2016-0777 and CVE-2016-0778) which can allow a malicious server to read memory on connecting computers, including private client user keys. To prevent any possible exploit, NoMachine has released new software packages for Windows, Linux and Mac OS X. Since the nxssh client may be used in some connection configurations, we strongly advise all users of version 5 to update their installations to 5.0.63. For further details please consult our original security advisory here: https://www.nomachine.com/SU02N00100. net-misc/nxplayer includes the mentioned nxssh binary in the upstream advisory. I bumped the package to fixed version 5.0.63.3 and removed the vulnerable ones (package is ~arch only)
Fixed package from upstream committed and all vulnerable versions removed per previous comment. openssh CVE vulnerabilities being tracked in bug 571892. Unstable so no GLSA.