Current version of openssl libs has a problem.
CVE-2016-2107 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107)
This issue solved in openssl 1.0.2h
Is there a plans to upgrade to 1.0.2h ?
Our corporate Qualys security scanner reported this problem as 4th level vulnerability (from 5 as highest risk level).
So for me it is important to close this vulnerability asap.