I think the headline is way off!
OpenVPN consists of 3 components: OpenVPN Server, Admin Web interface / Admin UI and the Connect client. This comes straight from the quick start guide. This bug does not exist within the OpenVPN server, but with the web interface, which is a completely separate issue.
If you're using OpenVPN then this doesn't imply that you're also using the web ui. I had even forgotten that it had a web interface to begin with, also because I never bothered to install it. On FreeBSD the OpenVPN server is known as security/openvpn, the web interface on the other hand is: security/openvpn-admin.
And although you are right that we're basically using the exact same source tree there's another important detail to keep in mind... If you're using OpenVPN and compiled it from source then (from ./configure --help):
--disable-management disable management server support [default=yes]
So by default this service is disabled, only if you explicitly enabled it will it become a possible issue. Therefor I think the headline is all wrong: this has nothing to do with OpenVPN server, but all the more so with the OpenVPN management interface. Which isn't even used by default.