Colin Watson uploaded new packages for openssh which fixed the following
security problems:

  A memory corruption vulnerability exists in the post-authentication
  sshd process when an AES-GCM cipher ( or is selected during kex exchange.

  If exploited, this vulnerability might permit code execution with the
  privileges of the authenticated user and may therefore allow bypassing
  restricted shell/command configurations.

For the wheezy-backports distribution, this problem has been fixed in
version 1:6.4p1-1~bpo70+1.

For the testing (jessie) and unstable (sid) distributions, this problem
has been fixed in version 1:6.4p1-1.

Other distributions are not vulnerable.