>In short: our ssh and ssh6 packages wer vulnerable; I've fixed them, and
>I've sent security officer my summary of my findings.

	as far as I understand, ssh/ssh6 (based on ssh.com 1.2.27) has other
	issues listed in http://www.openssh.com/security.html (only corrected
	in 1.2.31 which comes with different license), so I don't
	really recommend installing ssh/ssh6 even after Ignatios's fix.

itojun