good news I guess
Considering just a few years ago OpenSSL was the mother of all hairballs I guess its somewhat comforting that the fixes now are largely for DOS stuff as opposed to sending your private keys in plaintext to Russia stuff. The threat of the LibreSSL fork taking over really lit a fire under their ass.
Edit: forgot about this >“The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers”,
Beware the monster with 5 eyes.