Aris Adamantiadis of the libssh team discovered that libssh, an SSH2
protocol implementation used by many applications, did not generate
sufficiently long Diffie-Hellman secrets.
This vulnerability could be exploited by an eavesdropper to decrypt
and to intercept SSH sessions.
For the oldoldstable distribution (squeeze), this has been fixed in
version 0.4.5-3+squeeze3.
For the oldstable (wheezy) and stable (jessie) distributions, this
will be fixed soon.