From the security trenches:
- Pidgin versions earlier than 2.5.6 have multiple buffer overflow vulnerabilities
- OpenSSH versions earlier than 5.2 and programs that implement the same are vulnerable (1 in 262144 chances of an attacker being able to see the plain text by sending specially manipulated packets.)