Forwarded ports not closed to remote ssh2 server in FIN_WAIT_2

Bug #582740 reported by Jka
This bug affects 1 person

Affects: openssh (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

This appears to have been introduced with Lucid 10.04; this problem doesn't appear on 9.04 and 9.10. I'm not sure if this is an OpenSSL bug or an OpenSSH problem, so I'll target the first point of contact, ssh.

I'll try and answer any questions but I'll have to respect the security of the information provided.

I use ssh port forwarding to hop to a remote server which happens to be an ssh2 server. With Lucid 10.04 ssh, any completed forwarded sessions (session 2) are left in a FIN_WAIT_2 state on the passthru server and hang when the initiating session closes; the only method is to Control-C session 1.

I've decided to alert this as a security vulnerability because the initiating session, on close, still appears to wait for the forwarded ports to close and so will still allow connections to the local port to be made. Control-C on Session one terminates the forwarding.

The test: Two Local sessions (10.04 lucid), one passthru ssh server and a target ssh2 server.
  Session 1: login to passthru server - setup local port forward to remote target ssh2.
  Session 2: login to target ssh2 server via local port
  Session 2: Issue 'exit' command and session 2 returns to local system prompt, as expected.
  Session 1: Issue 'netstat | grep ssh' on passthru server, shows forwarded connection to remote ssh2 server in FIN_WAIT_2
  Session 1: Issue 'exit' command and the session hangs, doesn't return to local system prompt. Not expected.
  Session 2: Log in to target ssh2 server via local port, accepted. Security risk, local forward port still active.
  Session 2: Issue 'exit' and session 2 again returns to local system prompt, as expected.
  Session 1: Control-C hung session. ssh vvv debugging shows ports left open and closes.

When the above test is repeated using 9.10 or 9.04, both sessions close down as expected.

 Examination of netstat on passthru server still shows FIN_WAIT_2 connections to remote ssh2 target server still active and using up resources.

Lucid 10.04 local sessions, debugging -vvv on session 1 output (I've attached the full output of session 1 with addresses replaced), show the closing of session 2 as:

debug2: channel 3: read<=0 rfd 10 len 0
debug2: channel 3: read failed
debug2: channel 3: close_read
debug2: channel 3: input open -> drain
debug3: Wrote 144 bytes for a total of 5687
debug2: channel 3: ibuf empty
debug2: channel 3: send eof
debug2: channel 3: input drain -> closed
debug3: Wrote 32 bytes for a total of 5719

UNLIKE 9.10 local sessions, debugging -vvv on session 1 output, shows the closing of session 2 as:

debug2: channel 2: read<=0 rfd 8 len 0
debug2: channel 2: read failed
debug2: channel 2: close_read
debug2: channel 2: input open -> drain
debug2: channel 2: ibuf empty
debug2: channel 2: send eof
debug2: channel 2: input drain -> closed
debug2: channel 2: rcvd eof
debug2: channel 2: output open -> drain
debug2: channel 2: obuf empty
debug2: channel 2: close_write
debug2: channel 2: output drain -> closed
debug2: channel 2: rcvd close
debug3: channel 2: will not send data after close
debug2: channel 2: send close
debug2: channel 2: is dead
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 5341 for iii.iii.iii.iii port 22, connect from 127.0.0.1 port 58799, nchannels 3
debug3: channel 2: status: The following connections are open:
  #1 client-session (t4 r0 i0/0 o0/0 fd 5/6 cfd -1)
  #2 direct-tcpip: listening port 5341 for iii.iii.iii.iii port 22, connect from 127.0.0.1 port 58799 (t4 r1 i3/0 o3/0 fd 8/8 cfd -1)

debug3: channel 2: close_fds r 8 w 8 e -1 c -1

Any ideas why these sessions are now being left open in Lucid ?

Tags: openssl
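
The two -vvv excerpts in the description differ in one way: the 10.04 trace stops after the channel's input side closes, while the 9.10 trace continues until the channel is freed. The following is an added example, not part of the original report or of OpenSSH: a small parser that replays such a trace and lists channels left in that half-closed state. The function names and the "open when first seen" starting state are assumptions; the sample lines are shortened copies of the excerpts above.

```python
import re

# Shortened copies of the two `ssh -vvv` excerpts quoted in the report.
LUCID_TRACE = """\
debug2: channel 3: close_read
debug2: channel 3: input open -> drain
debug3: Wrote 144 bytes for a total of 5687
debug2: channel 3: ibuf empty
debug2: channel 3: send eof
debug2: channel 3: input drain -> closed
debug3: Wrote 32 bytes for a total of 5719
"""
KARMIC_TRACE = """\
debug2: channel 2: input open -> drain
debug2: channel 2: input drain -> closed
debug2: channel 2: rcvd eof
debug2: channel 2: output open -> drain
debug2: channel 2: output drain -> closed
debug2: channel 2: rcvd close
debug2: channel 2: send close
debug2: channel 2: is dead
debug1: channel 2: free: direct-tcpip: listening port 5341 for iii.iii.iii.iii port 22, connect from 127.0.0.1 port 58799, nchannels 3
"""

CHANNEL_LINE = re.compile(r"^debug[123]: channel (\d+): (.*)$")
TRANSITION = re.compile(r"^(input|output) (\w+) -> (\w+)$")

def channel_states(trace):
    """Replay a -vvv trace into {channel: {"input", "output", "freed"}}."""
    states = {}
    for line in trace.splitlines():
        m = CHANNEL_LINE.match(line.strip())
        if not m:
            continue  # e.g. "debug3: Wrote ..." lines carry no channel id
        chan, msg = int(m.group(1)), m.group(2)
        # Assumption: a channel is fully open when first seen in the trace.
        st = states.setdefault(chan, {"input": "open", "output": "open", "freed": False})
        t = TRANSITION.match(msg)
        if t:
            st[t.group(1)] = t.group(3)   # record the new input/output state
        elif msg.startswith("free:"):
            st["freed"] = True            # channel was torn down by the client
    return states

def stuck_channels(trace):
    """Channels whose input side closed but which were never freed."""
    return sorted(c for c, st in channel_states(trace).items()
                  if st["input"] == "closed" and not st["freed"])
```

Run against a saved `ssh -vvv` log of the forwarding session, any channel it reports is one whose local listener is still being held open by the client.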
Jka (jka-pub) wrote :

added session 2 vvv output, to show session that uses the forward port finishing and closing.

Jka (jka-pub) wrote :

Update:
If I use the ssh binary from package openssh-client_5.1p1-6ubuntu2_amd64.deb 9.10 (Karmic) on my 10.04 system as the Session 2 caller to the remote ssh2 server, then session 1 shows the ports closing down correctly confirming the channel is dead, like they would on a native 9.10 system.

security vulnerability: yes → no
visibility: private → public
Jka (jka-pub) wrote :

Problem still present in today's proposed release

ii openssh-client 1:5.3p1-3ubuntu4 secure shell (SSH) client, for secure access
ii openssh-server 1:5.3p1-3ubuntu4 secure shell (SSH) server, for secure access

Current workaround is to use 'ssh' binary from openssh-client_5.1p1-6ubuntu2_amd64.deb

Jka (jka-pub) wrote :

Bug doesn't occur in 5.5p1 current OpenSSH daily snapshot, it's specific to 5.3

Scott Moser (smoser) wrote :

Are you able to test if this issue is present in maverick, which has 1:5.5p1-4ubuntu1?

Additionally, in the interim, you can quite likely use Colin's PPA for lucid: http://www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom/ubuntu/2010-05-10-openssh-5.5p1-for-lucid.html

Changed in openssh (Ubuntu):
status: New → Triaged
Jka (jka-pub) wrote :

Scott - I switched to Colin's PPA a few hours after testing the daily snapshot and can confirm it's fixed in his PPA, 1:5.5p1-3ubuntu1.

It'd be nice to streamline standard lucid with 5.5p1 - though I understand 5.5 has many new features.

For me 1:5.3p1-3ubuntu3 and 1:5.3p1-3ubuntu4 have a defect that will keep me well away from having it installed.

Changed in openssh (Ubuntu):
importance: Undecided → Medium
Paul Crawford (psc-sat) wrote :

With 10.04 i386 on my Dell Latitude 2100 laptop I find that attempting to exit from "ssh -X username@remotemachine" is not returning to the local command prompt after using an X-session on the remote machine. It returns fine when I don't start an X program though.

Is this related to port forwarding of the usual 6000 x-windows port?

I have to Ctrl+C to get back to the local prompt, which is a touch worrying.

Jamie Strandboge (jdstrand) wrote :

Marking Fix Released per reporter's comments. Feel free to nominate for release for an SRU for Lucid if a minimal patch can be found to address the issue. Thanks.

Changed in openssh (Ubuntu):
status: Triaged → Fix Released
Paul Crawford (psc-sat) wrote :

If this is supposedly fixed, how come using "ssh -X user@server" still hangs if you have run an X-windows program like 'eog' or similar?
