GLSA-202004-10 marks all openssl versions under 1.1.1g as vulnerable. However, 1.0.2u fixed CVE-2019-1551  and 1.0.2* and 1.1.0* versions are not affected by CVE-2020-1967 
Same status here. GLSA-202004-10 has caused Nessus to build plugin # 135946, which incorrectly marks anything prior to 1.1.1g as vulnerable. Specifically 1.0.2u is the one I'm having trouble with.
Created attachment 643856 [details]
Fix affected OpenSSL versions for GLSA 202004-10
Same issue here. 1.0.2u is not affected by either of the CVEs in this GLSA.
I think the attached patch to glsa-202004-10.xml is the right way to fix it, based on how other GLSAs handle multiple slots with different affected versions.
Unfortunately I do not know the right way to submit PRs for the glsa.git repo, as it is not mirrored to github like the main portage tree is.
Closing as CANTFIX: OpenSSL in Gentoo never used slots and subslot format was too specific which makes it impossible for us to proper target affected versions.