Sadly you have to do a bit of sleuthing to work this out. The CVE relating to your bug:
…mentions the openSSL versions vulnerable…
The opensource software for 9.4(1):
…states that it uses 1.0.1l , so this version is vulnerable.
The patch notes for 9.4(4)18 do not mention the original CVE, but does mention for following CVE as being fixed in 9.4(4)17:
..which mentions openSSL 1.0.2b
So…we can infer that the 9.4.(4)18 is running a newer version of openSSL 1.0.2b and therefore is not vulnerable to CSCuu83280.