Security vulnerability. This patch should be applied to both libressl-2.2.4 and libressl-2.3.1, the current in-tree versions. Reproducible: Always
Created attachment 418584 [details, diff] Patch for use in tree.
The fix is in the tree and the vulnerable versions removed.