From ${URL} : The OpenBSD Project reports: An attacker can trigger generation of an SSL alert which could cause a null pointer dereference. External references: http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
should be fixed with 1.0.1h
This issue is handled in an aggregate bug for multiple vulnerabilities released today. *** This bug has been marked as a duplicate of bug 512506 ***