We're on 1.0.2e and 1.0.2g is out. There has been a couple of CVEs:
Servers, so doesn't affect us.
DSA keys, which we no longer use.
Exotic use of OpenSSL. May be affected.
Could affect our ssh client, but not likely to be exploitable.
1.0.2h is also out, with a few more CVEs:
Not sure if it covers us. Doesn't sound like it. It was however already fixed back in 1.0.2c.
Sounds like it affects both OpenSSH and rdesktop. It is however a MITM, which rdesktop doesn't have protection for. Could be severe problems for OpenSSH though.
Not clear when this can hit. May be affected. Low severity.
Only EBCDIC systems.
Fixed in r31494.
Verified that it is included in the build (5162)
Verified that rdesktop still works.
Verified client connects on CentOS 7, and MacOSX.