I've been looking at:
and it appears that libssl is part of openssl.
As for figuring out the version numbers, the only version number I know is the version number I installed yesterday.
If OpenSSL 1.0.1 is on my machine, it probably is on there because some other install added it automatically.
Thus I need to find out how to use debian utilities to check for the presence of compromised packages.
However, the output is not informative, e.g.:
# apt-get check libssl
Reading package lists... Done
Building dependency tree
Reading state information... Done