This is discussed here
SSH CVE
It looks like master, nixpkgs-unstable, and nixos-unstable-small are “green” in the Pull request tracker.
So hopefully fairly soon as it all flows through the process.
I’m impressed by the quick response from the community to the issue…