icculus.org uses OpenSSL, and was vulnerable to the Heartbleed exploit since we migrated to Ubuntu 12.10 on January 20th, 2013.
In the past few days, we have patched the security hole, revoked our existing SSL certificate, and installed a new certificate.
We don't have reason to believe Heartbleed was ever exploited on our servers, but the problem with Heartbleed is that there's never any indication that it was, either. If you have a shell account on icculus.org, or any personal/sensitive data on any service of icculus.org, like revision control or Bugzilla, you should consider changing your password.
If you have any problems or questions, or see anything that looks suspicious, please email Ryan ASAP.
Thanks!
--icculus.
