Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.
NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.
Package Name: dev-libs/openssl
Package Version: [cpe:/a:openssl:openssl:1.0.2h cpe:/a:openssl:openssl:1.0.2j]
Advisory: CVE-2016-6304
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-6304
CVSS severity score: 7.8/10.0
Confidence: high
Description:
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Advisory: CVE-2016-6306
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-6306
CVSS severity score: 4.3/10.0
Confidence: high
Description:
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Comment 1 by mnissler@chromium.org, Sep 28 2016
Status: Duplicate (was: Untriaged)