Leo Famulari <leo@famulari.name> writes:

> On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
>> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> 
>> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
>
> Thanks!
>
> Can you use a graft instead? Then, the commit message can be like this:
>
> gnu: libarchive: Replace with 3.3.1 [security fixes].
>
> Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
>
> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
> (libarchive-3.3.1): New variable.

Like the patch I've attached?