>I believe that many versions of NetBSD are vulnerable to the attacks
>described in http://www.openssl.org/news/secadv_20060905.txt -- at least,
>I'm running -current from ~3 weeks ago, and it has 0.9.8b.  -current from
>6 Sept seems to have the fix; I suspect that it will need to be pulled up
>into all current versions.

These were pulled up according to the tickets on the releng site, e.g.

http://releng.netbsd.org/cgi-bin/req-2-0.cgi?show=10690
http://releng.netbsd.org/cgi-bin/req-3.cgi?show=1504
http://releng.netbsd.org/cgi-bin/req-4.cgi?show=136

the actual advisory notices just haven't come out yet.  Looks like there
have been a bunch of security pullups of late (one is pending), so the
advisories will probably appear in a batch.

DHG