Some information about the openssl heartbleed bug:
https://packages.debian.org/sid/openssl
http://heartbleed.com/
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
http://www.debian.org/security/2014/dsa-2896
For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u5.
