It looks like fixes have been rolled out - Ubuntu updated this library the day this was announced, I think. The other good news is that it was found by the good guys - Red Hat found it by auditing the code, so there is a very good chance it's never been exploited. [bugzilla.redhat.com]
It may affect software on other platforms such as Windows or MacOS as well. Its license is LGPL not GPL so it may be used in some proprietary software.
It is not used by Firefox or Thunderbird. It may be used with Apache if Apache is configured to use it. Apache defaults to OpenSSL while Mozilla have their own library.
It does seem to be used by quite a lot of email, chat, download and multimedia software and a few other things - empathy, aria2, Wireshark, Mutt, Claws Mail, Lynx, CUPS, Exim and some gstreamer plugins.
It also seems to be used by Chrome/Chromium which may be the most widespread problem.
There are lots of lists of packages dependent on it, but "depends" does not mean "uses" or that it matters. Abiword uses gnutls, but I have never done anything with Abiword that requires accessing a network... The same applies to indirect dependencies - an app may depend on a library that depends on GNUTLS but not actually use GNUTLS itself.
As far as I can see it does not break encryption, but does allow the use of a fake certificate, leading to a possible MITM attack. There is no indication that this has happened.