That doesn't look like a C specific error to me. In the release notes CVE-2016-2107 is listed as a padding oracle attack. Padding oracles are a logic/design error that is not easily caught by any language feature.
CVE-2016-2108 on the other hand looks like a typical C style memory corruption bug.
CVE-2016-2108 on the other hand looks like a typical C style memory corruption bug.