The OpenSSL team made the following commit:
This is a possible weakness in OpenSSL which could allow a local user in certain
circumstances to divulge information about private keys being used. For
example if a server has a SSL web server on it, a local unprivileged user may be
able to get hold of the key.
It's similar to previous issues and is rated severity=moderate