patches/packages/mailx-12.5-i486-1_slack13.0.txz
Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
that could allow a local attacker to cause mailx to execute arbitrary
shell commands through the use of a specially-crafted email address.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
(* Security fix *)

patches/packages/openssl-0.9.8zh-i486-2_slack13.0.txz
This update fixes the following security issues:
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_*printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
To avoid breaking the ABI, “enable-ssl2” is used, but all the vulnerable or
weak ciphers have been removed.
For more information, see:
https://www.openssl.org/news/secadv/20160301.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
(* Security fix *)

patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.0.txz