[Lex-2008]

The globalsign atricle says:

> If you’re using version 1.1.1, this vulnerability doesn’t affect you

AFAIK, LibreSSL forked even before that - when OpenSSL was version 1.0 or 0.9 even. So likely not affected - unless a similar issue appeared there after the fork.

[fulafel]

Parallel forks sometimes keep incorporating quite a lot of changes from each other, in the *BSD fork tradition. I'd also guess that LibreSSL is not affected but it's not a foregone conclusion.

In the previous OpenSSH vs OpenSSL 3 bug it went like this:

> The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. (https://thehackernews.com/2022/06/openssh-to-release-securit...)

[yakubin]

I'd expect higher quality code review from OpenBSD folks (who maintain LibreSSL), compared to OpenSSL.

Also, an interesting talk: LibreSSL: The first 30 days, and what the Future Holds from BSDCan: <https://www.youtube.com/watch?v=oM6S7FEUfkU>