OpenSSL Security Advisory

Bitbucket is not affected by the vulnerabilities announced by the OpenSSL project today. Two high-severity security vulnerabilities, CVE-2015-0291 and CVE-2015-0204, have been announced:

CVE-2015-0291 can result in a denial-of-service attack against a server that requests a client's certificate. This does not happen in most circumstances, as it is usually the client that requests the server's certificate.

CVE-2015-0204 is a reclassification of the existing and well-known FREAK vulnerability (CVE-2015-0204 & CVE-2015-1637). It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can then break to steal or manipulate sensitive data.

Neither of the vulnerabilities described in the OpenSSL security advisory posted at https://www.openssl.org/news/secadv_20150319.txt affects Bitbucket.