Well, the way this bug works is that there's a chance anyone who was exploiting it could watch "over the shoulder" of all encrypted traffic in addition to having access to things like passwords and the like, so if you made any payments at all, anywhere, between the time this bug was introduced (December of 2011) and now, there's a chance your card number was compromised. It's a very tiny chance -- there's no evidence this was being exploited "in the wild" before the disclosure was made -- but still, it's a chance. This isn't just something that we were affected by, it's something that pretty much the whole internet was affected by.
It's not a huge risk, though. Change your banking website password, keep an eye on your credit card and banking statements for a few weeks, but it's not "cancel all your credit cards" level of risk and I wouldn't worry too much if I were you. (I'm in the same boat as you of having used my credit card online somewhere post-disclosure-and-pre-patch and I'm not worried, and where I used it was a much higher-value target than DW was.)
no subject
It's not a huge risk, though. Change your banking website password, keep an eye on your credit card and banking statements for a few weeks, but it's not "cancel all your credit cards" level of risk and I wouldn't worry too much if I were you. (I'm in the same boat as you of having used my credit card online somewhere post-disclosure-and-pre-patch and I'm not worried, and where I used it was a much higher-value target than DW was.)