most of the other server-side bugs on the list relate to non-standard configs (of varying obscurity)
the fact that - in an era of increasingly hostile cyber threats - years had gone by without any serious threats says it all really.
for most people, they should just run normal SSH, enable public-key only authentication and get on with their lives.
I see no reason why anyone should jump ship to some shiny new untested ssh server. Especially as , when others have pointed out, the people behind OpenSSH are the same people behind OpenBSd and LibreSSL.
