CLSA-2026-1778583971 Fix CVE(s): CVE-2026-28387, CVE-2026-28388
SECURITY UPDATE: A use-after-free / heap corruption in danematch of the X.509 verifier where the cached DANE-matched certificate was freed via OPENSSLfree instead of X509free, bypassing the X509 reference counting and freeing certificate fields that may still be referenced by other holders. An...