I would like to know why the version of openssh used in Centos4.4

is based on version 3.9p1 but not on a more recent version of openssh?

The vulnerabilities found and corrected in the last version of openssh

are also corrected in version 3.9?