VTKnightMare: Backports are *not* done in order to fix bugs. Instead, fixes for security problems are isolated as a patch, applied to the version in the repository and uploaded to hardy-security. In fact, if you look at https://launchpad.net/ubuntu/+source/openssh you can see that the particular vulnerability you mention, CVE-2008-1483, has already been fixed in all Ubuntu releases.
VTKnightMare: Backports are *not* done in order to fix bugs. Instead, fixes for security problems are isolated as a patch, applied to the version in the repository and uploaded to hardy-security. In fact, if you look at https:/ /launchpad. net/ubuntu/ +source/ openssh you can see that the particular vulnerability you mention, CVE-2008-1483, has already been fixed in all Ubuntu releases.