Everyone who has generated SSH Keys from any version of OpenSSH should still check to make sure their Keys are not on the blacklist, as any version *could* have used one of those keys randomly. The keys on the list are now considered "weak" because it is known that they occur more frequently, and therefore will be used in brute force attacks.

Links to tools can be found on http://metasploit.com/users/hdm/tools/debian-openssl/ among other places.

Check your keys, check the keys of users on machines you are responsible for, have a better night's sleep.

-r2