Is the Ubuntu trusty public repo hosting a heartbleed vulnerable openssl version?

It looks like Ubuntu trusty is hosting OpenSSL Version: 1.0.1f-1ubuntu2.21

Is this actually vulnerable to heartbleed?

• http://packages.ubuntu.com/source/trusty/openssl

• http://heartbleed.com/

  What versions of the OpenSSL are affected?
  Status of different versions:
      OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
      OpenSSL 1.0.1g is NOT vulnerable
      OpenSSL 1.0.0 branch is NOT vulnerable
      OpenSSL 0.9.8 branch is NOT vulnerable
      Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
  

and

    $ openssl version
    OpenSSL 1.0.1f 6 Jan 2014

No, the Ubuntu package has a fix backported to 1.0.1.f. http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.1f-1ubuntu2.21/changelog mentions a fix for Heartbeat vulnerability under version 1.0.1f-1ubuntu2 dated 7 Apr 2014.