There’s a new bash vulnerability that could be a problem for a network-facing machine that happens to use bash.  (See here for test.)  As a BSD user, you can feel somewhat smugly superior since the default shell is tcsh and therefore it may not affect you – unless you’ve installed it from dports.

John Marino has already updated dports.  A new binary is forthcoming, though you can always rebuild by hand if you don’t want to wait.

Update: oh, wait, not done.