What versions are affected? E.g. Ubuntu 14.04 appears to be on 2.19-0ubuntu6.5 (just updated). Does that include the fix?

You can check the libc version with:

dpkg -s libc6

For my Debian 7 servers it reports "Version: 2.13-38+deb7u7" after upgrading. Everything below that (eg. "*u6") is vulnerable. I don't know about the specific version numbers in Ubuntu though.

Edit: the fixed Ubuntu version is "2.15-0ubuntu10.10"

Per the Ubuntu security advisory for this, 14.04 is not impacted.

Full blog post coming, but 14.04 was never vulnerable. glibc 2.17 was the last vulnerable version.