Not to detract from the fundamental misunderstanding of the word 'patch' by their marketing department, but it's probably safe to assume that they're not using an open-source stack and hence will be ok.
I called CBA tech support, and they confirmed (verbally) that CBA has never been vulnerable to Heartbleed. I've suggested that they get someone to clarify the comments made on the blog.
It seems like there's a bot who's replying to comments with a handful of canned responses. I'd be interested if you could get the same responses from the CBA twitter/facebook accounts.
That a bank responded inappropriately to a security breach is regrettable, but not intellectually interesting, so I don't think this counts as on topic for Hacker News.<p>Also, when there is a rash of stories surrounding a single event, like Heartbleed, HN only needs the most significant or interesting articles. Otherwise it'd be all too easy for the front page to consist of nothing but stories on that one subject—most of which would at best be auxiliary.