We have released LibreSSL 3.5.4 and 3.6.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
They include the following security fix:
* A malicious certificate revocation list or timestamp response token
would allow an attacker to read arbitrary memory.
Errata patches for LibreSSL libcrypto, X11 server, and smtpd have
been released for OpenBSD 7.1 and 7.2.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page: