Qualys Security identified vulnerabilities in the ssh client roaming feature. In the default configuration, this could potentially leak client keys to a hostile server.
https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt There are patches to disable the roaming feature, and it has been removed from the source tree.
