Well, those machines that were installed before etch, should be safe. Can
anyone confirm this?
Only if you have an RSA key. DSA (as in, Digital Signature Algorithm)
keys should be considered compromised, too, since they use the OpenSSL
randomizer, which is buggy.
DSA (as in, Debian System Administration) is however aware of the
problem, and it should probably be fair to say that they'll give this
higher priority than other issues currently.
Is there already a fixed version available in etch-m68k?
Not that I know of. We should work on that.