spot checking, debian stable, ubuntu 22.04 lts and rhel 7/8/9 all ship pre-9.1 openssh which aren't affected, if that helps put anyone else's mind at ease a bit.
This is already mentioned in a different comment here[1], but for ease of reference, Arch Linux did ship a vulnerable version and released the fix on 2 February[2].
spot checking, debian stable, ubuntu 22.04 lts and rhel 7/8/9 all ship pre-9.1 openssh which aren't affected, if that helps put anyone else's mind at ease a bit.