The version 0.9.8x branch of openssl is not vulnerable against the heartbleed exploit, since the vulnerable TLS heartbeat function was only introduced in openssl 1.0.1.
What versions of the OpenSSL are affected?
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
You're referring to other openssl vulnerabilities here with these CVE's, like the TLS change cipher spec bug.