Debian has published Security Advisories for two consecutive days, trying to get a grip on what looks like a massive security hole in their SSH and SSL offerings. I spent 4 hours yesterday and another one this morning going through all the systems locking things down.
Details are still surfacing, but this time it seems they outdone themselves, making the key space apparently very, very small (we're talking '5 minute brute force' small). There are some bits of info on http://wiki.debian.org/SSLkeys