On May 13th, Debian announced that there is a bug in the way SSH RSA/1024 and DSA/2048 were generated, the actual probelm was that the keys were not random enough, given time and resources you can generate enough keys to use in a brute force attack. Aside from the obvious, I have my own thoughts on the matter.
First, I was mad, really mad. How can Debian miss such a glaring hole? And then I read the description of what actually happened - I won't go in detail here, you can find it online - and guess what, I got even MORE mad. This was beyond a simple mistake, this was bad management.