It's been mentioned in various places in the press (e.g. here), and the advisory is here.
The fix for our repository was pushed last week.
Since a number of popular solutions (e.g. OpenVPN) use it, and since the threshold for exploitation seems trivial, I thought it worth mentioning here. I know it's not generally advised to upgrade packages, but this one is probably warranted.