What they've found is that there's a companion memory leak (CVE-2015-5333) and buffer overflow (CVE-2015-5334) in the SSL replacement candidate.
The researchers from Qualys (their notice published here) said they were trying to see if a remote code execution attack is feasible against vulnerabilities they've turned up in OpenSMTPD (which earlier this month hit version 5.7.3).
“Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL's OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based).”
The memory leak provides a path for an attacker to cause a denial-of-service attack, and also permits triggering of the buffer overflow.
The LibreSSL team has released fixes for OpenBSD.
(Score: 0) by Anonymous Coward on Tuesday October 20 2015, @12:39PM
Calculus is also too difficult for humans. Doing all those calculations just to make a rocket go seems wrong. We should all be using paper planes. And live in caves.
Then there are other benefits a more modern language could bring than just memory management
Until the language no longer works for what you need it to do. So you modify the language until you end up with the same "problems" you intended the "more modern" language to solve.
(Score: 0) by Anonymous Coward on Tuesday October 20 2015, @02:08PM
I like how he thinks that 'a modern language' will somehow magically solve all problems. You're not going to get rid of complexity; you can only 'abstract it away', i.e. move it somewhere else [imgur.com]. You're not going to solve anything that way.