The patch for Debian Woody is already available.

 >  openssh (1:3.4p1-1.1) stable-security; urgency=high
 >
 >  * NMU by the security team.
 >  * Merge patch from OpenBSD to fix a security problem in buffer
 >    handling
 >
 > -- Wichert Akkerman <wakkerma@debian.org>  Tue, 16 Sep 2003 13:06:31
 > +0200

Make sure you have the following line and then apt-get update, apt-get 
install.

 >  deb http://security.debian.org/  woody/updates  main


Austin Godber wrote:
> See slashdot.  There doesn't seem to be a public exploit.  There is a new
> version released:
> 
> ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz 
> 
> Also be warned of other possibilities:
> "every single hp and cisco switch containing this code
> is likely vulnerable" -Theo
> 
>  From Full disclosure email list.


-- 
Chris Lewis
shadow@digitalnirvana.com
----------------------------------------
If it compiles, it is good, if it boots up it is perfect.
       - Linus Torvalds
----------------------------------------