The vulnerability also affects clients, potentially including phones and tablets.
The Google site
All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners)
Basically, if you're running 4.1.1 it may be worth contacting your phone manufacturer, otherwise your phone / tablet should be OK - though obviously, the servers you connect to may not.
Having read a bit more on this, it occurs to me that you BEFORE you change your password on an affected site, you might want to ensure they've fixed the bug. If not, you'd potentially be exposing your new and old passwords to a watcher who didn't have the old one
Hopefully, a google search will find notifications from websites regarding their fix status - a collation of vendor notifications can be found here
Apparently there are tools that claim to identify which sites are at risk - I think by looking at the webserver they're running. Not sure if this can tell you when the sites have been patched.