If it was discovered before the LibreSSL fork, there's a good chance it has been fixed, otherwise the move from non-standard malloc functions has probably nipped this one in the bud. That's my guess based on what I know about LibreSSL.
On Fri, Oct 14, 2016 at 3:55 PM, Peter Janos <peterjan...@mail.com> wrote: > Hello gods, > > http://seclists.org/fulldisclosure/2016/Oct/62 > -> > https://github.com/guidovranken/openssl-x509-vulnerabilities > > a little bit old, but LibreSSL got this? > > > The original X509_NAME decode free code was buggy: this > could result in double free or leaks if a malloc failure > occurred. > Simplify and fix the logic. > Thanks to Guido Vranken for reporting this issue. > Reviewed-by: Matt Caswell <m...@openssl.org> > (Merged from #1691) > > Thanks! > -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse
