Currently in Rawhide I see openssh-2.5.1p1-7.src.rpm . Bzzt - still contains vulnerabilities relating to traffic analysis. See Solar's advisory: http://www.securityfocus.com/archive/1/169840 . Some of the fixes made it into 2.5.1, but NOT ALL! Please ship 2.5.2 with RH7.1. Note that 2.5.2 is also claimed to fix some incompatibilities 2.5.1 introduced.
we akready have 2.5.2p1 in our tree.
Excellent! I'm not lazy, I _did_ check - must be a victim of lag between your internal tree and beta.redhat.com :-)
Hm, is this perhaps serious enough to justify a general OpenSSH errata update to 2.5.2p1?