Hi, You may have heard of the rumours that there's a new OpenSSH exploit but it's unclear what this exploit actually is or whether it even exists: http://isc.sans.org/diary.html?storyid=6742
However, one consistent claim is that the "current version" of OpenSSH isn't affected. It would make sense to me to get at least unstable/sid updated with the most recent upstream version, as it wouldn't hurt. Do you as openssh maintainers think you can do this in the short term? This is at least some potentially mitigating action we can already take. cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org