It seems that only the web servers and mail in our department were affected by the Heartbleed bug. We patched all of them immediately (which necessitated the coxeter reboot on Wednesday) and now are waiting to install updated certificates for our various servers. Until the updated certificates are installed changing passwords and using them on our web or mail servers is not protected. We hope to have the new certificates ready on Monday and at that point we will have more information about password resets.
The official UofT link for information about the Heartbleed bug is:
