Debian Security Announcement
Is it absolutely impossible for these guys to just send out an announcement in plain English?
A memory leak flaw was found in the way OpenSSL handled failed
session ticket integrity checks. A remote attacker could exhaust all
available memory of an SSL/TLS or DTLS server by sending a large number
of invalid session tickets to that server.
What? Where, what typical applications/scenarios might be affected? Real world examples? No wonder the Open Source world has such a bad rep amongst non-geeks. Pure gobbledygook brought on by severe laziness and extreme arrogance.