See:
and
Please note that, although tempted, I did not rush over and post that as soon as I saw it yesterday morning...
I'm barely holding back with the old Sendmail Bug-Of-The-Month comparison...
The odd thing I did notice though, is that it doesn't follow the normal SSH holes pattern. It affects some products from some companies, but not others - such as SSH, but some OpenSSH's are unaffected.
Also, the client is affected - fun stuff...