Tags: security, openssl, dtls

Is OpenSSL 0.9.8h affected by CVE-2014-0195?


I have spent time finding out whether OpenSSL 0.9.8h is affected by CVE-2014-0195, but it seems I will have to understand the entire file d1_both.c to answer this question.

1) A preliminary look at the released patch looks like 0.9.8h is not vulnerable to the above CVE, since all the fragment reassembly code was added in 0.9.8o, and the patch is all about fragment reassembly.

The function dtls1_reassembly_fragment() is missing in 0.9.8h, so one may assume we are okay.

2) But closer examination shows that the bug is about not checking the actual size of the fragment against the fragment length stored in the fragment header.

Any help is much appreciated while I continue working through the code flow.
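The check described in point 2 is the one a DTLS handshake parser has to make before it copies a fragment into a reassembly buffer: the fragment_length claimed in the 12-byte handshake header must fit both inside the message length and inside the bytes actually received. The following is an added illustration, not OpenSSL's code and not from the question's author; it is a standalone parser that enforces those bounds, with the buffer cap `MAX_HS_MSG_LEN`, the function names and the three sample fragments all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* DTLS handshake fragment header (RFC 6347, section 4.2.2) is 12 bytes:
   msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3) */
#define DTLS_HS_HDR_LEN 12
/* Hypothetical cap on a handshake message this parser will buffer (assumption). */
#define MAX_HS_MSG_LEN (16u * 1024u)

typedef struct {
    uint8_t  msg_type;
    uint32_t msg_len;   /* length of the whole (reassembled) handshake message */
    uint16_t msg_seq;
    uint32_t frag_off;
    uint32_t frag_len;  /* body length this fragment claims in its header */
} dtls_hs_hdr;

/* Reassembly buffer for one handshake message; its usable size is msg_len. */
typedef struct {
    uint32_t msg_len;
    uint8_t  data[MAX_HS_MSG_LEN];
} dtls_hs_reasm;

static uint32_t get_u24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/* Parse one fragment header and cross-check it against the bytes actually
   present. Returns the number of bytes consumed (header + body), or -1. */
int dtls_parse_hs_fragment(const uint8_t *buf, size_t buf_len, dtls_hs_hdr *out) {
    if (buf == NULL || out == NULL || buf_len < DTLS_HS_HDR_LEN) return -1;
    out->msg_type = buf[0];
    out->msg_len  = get_u24(buf + 1);
    out->msg_seq  = (uint16_t)(((uint16_t)buf[4] << 8) | buf[5]);
    out->frag_off = get_u24(buf + 6);
    out->frag_len = get_u24(buf + 9);

    if (out->msg_len > MAX_HS_MSG_LEN) return -1;
    /* The fragment must lie inside the message it claims to be part of.
       Both fields are 24-bit, so the sum cannot overflow a uint32_t. */
    if (out->frag_off + out->frag_len > out->msg_len) return -1;
    /* The body the header claims must really be present in the record. */
    if (out->frag_len > buf_len - DTLS_HS_HDR_LEN) return -1;
    return (int)(DTLS_HS_HDR_LEN + out->frag_len);
}

/* Copy an already validated fragment into the reassembly buffer. Returns 0,
   or -1 if the fragment disagrees with the message length recorded earlier. */
int dtls_reassemble_fragment(dtls_hs_reasm *r, const dtls_hs_hdr *h, const uint8_t *body) {
    if (r == NULL || h == NULL || body == NULL) return -1;
    if (h->msg_len != r->msg_len) return -1;                /* header changed mid-message */
    if (h->frag_off + h->frag_len > r->msg_len) return -1;  /* would overrun data[] */
    memcpy(r->data + h->frag_off, body, h->frag_len);
    return 0;
}

/* Parse then reassemble into a fresh buffer; returns bytes consumed or -1. */
int dtls_check_sample(const uint8_t *buf, size_t buf_len) {
    dtls_hs_reasm r;
    dtls_hs_hdr h;
    memset(&r, 0, sizeof r);
    int consumed = dtls_parse_hs_fragment(buf, buf_len, &h);
    if (consumed < 0) return -1;
    r.msg_len = h.msg_len;  /* first fragment of this message fixes the size */
    if (dtls_reassemble_fragment(&r, &h, buf + DTLS_HS_HDR_LEN) < 0) return -1;
    return consumed;
}

/* Constructed sample: a 16-byte message delivered as a single fragment. */
static const uint8_t good_fragment[DTLS_HS_HDR_LEN + 16] = {
    0x01,             /* msg_type = ClientHello */
    0x00, 0x00, 0x10, /* length = 16 */
    0x00, 0x00,       /* message_seq = 0 */
    0x00, 0x00, 0x00, /* fragment_offset = 0 */
    0x00, 0x00, 0x10, /* fragment_length = 16 */
    0xfe, 0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Constructed sample: length and fragment_length both claim 256 bytes, but
   only 16 bytes of body follow the header; the second check rejects it. */
static const uint8_t short_fragment[DTLS_HS_HDR_LEN + 16] = {
    0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
    0xfe, 0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Constructed sample: fragment_offset 8 + fragment_length 16 exceeds the
   16-byte message length; the first check rejects it. */
static const uint8_t overrun_fragment[DTLS_HS_HDR_LEN + 16] = {
    0x01, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x10,
    0xfe, 0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

int main(void) {
    printf("good: %d\n",    dtls_check_sample(good_fragment, sizeof good_fragment));
    printf("short: %d\n",   dtls_check_sample(short_fragment, sizeof short_fragment));
    printf("overrun: %d\n", dtls_check_sample(overrun_fragment, sizeof overrun_fragment));
    return 0;
}
```

The two rejections correspond to the two consistency conditions a reassembler needs: the header's offset and length against the message length, and the header's length against the bytes the record actually carries. A parser that copies `frag_len` bytes on the strength of the header alone has neither guarantee.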


Solution

  • As per https://www.openssl.org/news/vulnerabilities.html, published 23rd June 2014, OpenSSL 0.9.8h is not affected by CVE-2014-0195.

    Only OpenSSL versions 0.9.8o and above are affected.