Forum OpenACS Development: Re: Security Bug In OpenSSL
but compiling your own OpenSSL 1.0.1g is certainly safe in this regard.
Changing the library/recompiling is the easy part, "fixing" the damage is harder, since heartbleed allows to read the memory (tcp buffers, etc.). One should change all HTTP authentication credentials, which were ever transported over affected SSL channels, after the leak was fixed. .... also for external sites. Also, getting new certificates might not be a bad idea.