Aspera software is not affected by a bug that has been found in OpenSSH's client software. A bug in the OpenSSH client has been found to create an exploitable information leak, which could allow malicious servers to steal a client's private keys. This issue only affects OpenSSH clients for versions 5.4 - 7.1.
Specifically, the vulnerability occurs in the roaming feature for OpenSSH client, which is by default turned on. See the link below for more information.
Aspera products use their own embedded SSH clients which are run with no options, and
ascp does not make use of OpenSSH configurations.
Therefore, this security issue does NOT AFFECT any Aspera products.