Is this not serious enough to warrant the creation of a new protocol version?
ssh protocol 2.2 or 3?
Yes it will hurt. Hard luck; this was a big mistake.
Anyone blaming 'Debian' is foolish in the extreme; this could have happened in any distro.
It's not about Debian, it's about Linux / GNU/Linux / BSD and friends.