CVE-2012-0814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0814): The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. Please punt vulnerable versions.
openssh-5.9_p1-r4 is already stable
(In reply to comment #1) > openssh-5.9_p1-r4 is already stable Is ok to remove from the tree all vulnerable version before 5.9_p1-r4?
we haven't generally bothered in the past. i don't see why this would be any different.
the cleanup has been done.
This issue was resolved and addressed in GLSA 201405-06 at http://security.gentoo.org/glsa/glsa-201405-06.xml by GLSA coordinator Mikle Kolyada (Zlogene).