New SSH packages that include such a blacklist have hit both ubuntu and debian repos now.
(Personally I'm not going to use those patches on my non-Debian systems: they slow down
connection with a binary search across a multimegabyte file on every connection attempt, they
eat 4Mb of disk space on / and I know none of my keys are vulnerable. But still, it's probably
good if you don't know that. I just hope that someday we can remove those patches again...)