I've seen this bug too. I have to say that I didn't particularly realise the security
implications, although I understand them in hindsight. I was glad when it got fixed by Red Hat
and then I forgot all about it.

The OpenBSD community has become very inward-looking. I couldn't find any evidence that they'd
even looked at the DF bug for example. Does it affect OpenBSD? Apparently no-one cared enough
to even ask, or they simply don't notice any news from outside.

We may end up with the Free Software people proving to have been right, years after the fact -
as happened with 'git'. At the time OpenSSH took off, there were some smaller GPL'd SSH clones
with less obnoxious maintainers. Those projects lost traction with the success of OpenSSH but
of course the source code still exists. If it's going to become a problem to maintain OpenSSH,
one of those clones might be the replacement. Certainly if OpenSSH continues to fall down on
security it has lost its most obvious advantage in that space.