Would be nice to find out if users have generated their ssh keys on vulnerable debian boxes so those can be deleted ASAP. I guess gentoo infra should do the same (you cannot guarantee that the ssh keys developers generated are not made on vulnerable debian/ubuntu boxes) more related info here: http://metasploit.com/users/hdm/tools/debian-openssl/
*** This bug has been marked as a duplicate of bug 221759 ***