Please people stop mailing me privately and asking. (Probably bugging other people in the group as well).
The OpenSSL group do not tell the LibreSSL group about vulnerabilities that they are fixing in upcoming releases. Why? Well, they just don't. That's the whole story. Hopefully the LibreSSL team has been aggressive enough at cleaning house, and the issue is already resolved in LibreSSL. Wait and see.
