The security gap is so serious that the OpenSSL team decided to announce that and the patch is coming:
Full information on the details of the vulnerability (and probably the exploit …) will be available on November 1st. As you can see, the whole thing only touches the 3.x OpenSSL line.
It is also worth noting that the OpenSSL team retains the ‘Critical’ status for really serious occasions. Since the beginning of the vulnerability assessment (end of 2014), this label has only been used once so far.
Developer:Prepare tem for update if needed
QA engineer:Monitor the situation
PM/DM:Inform clients if needed