Comment 6 for bug 286337

VTKnightMare: Backports are *not* done in order to fix bugs. Instead, fixes for security problems are isolated as a patch, applied to the version in the repository and uploaded to hardy-security. In fact, if you look at https://launchpad.net/ubuntu/+source/openssh you can see that the particular vulnerability you mention, CVE-2008-1483, has already been fixed in all Ubuntu releases.