> Another thing that I remember about that OpenBSD security advisory
> (and this was a while ago now) was that, at least initially, they told
> you to recompile the effected statically linked binaries but they
> didn't mention which ones were actually effected. This was why I
> immediately perked up when I heard about this.

Probably because they were too lazy to find what was affected in the
distribution.