"I don't know how you managed it (given that openssh-server depends on a good enough version; perhaps you have it on hold or something?), but that version of libssl0.9.8 is absolutely vulnerable. You need to upgrade to 0.9.8g-9 or newer."
I'm having the same problem on 64-bit etch - apt-get dist-upgrade shows no updates, but the host keys generated are still listed as compromised.

apt-cache showpkg openssh-server
Versions:
1:4.3p2-9etch2
1:4.3p2-9

apt-cache showpkg openssl:
Versions:
0.9.8c-4etch3
0.9.8c-4etch1

dpkg -l libssl0.9.8:
Version 0.9.8g-4

sshd:
OpenSSH_4.3p2 Debian-9etch2, OpenSSL 0.9.8g

kernel:
2.6.18-5-amd64

