Some bugs in OpenSSL were recently disclosed.

CVE-2016-2177
http://seclists.org/oss-sec/2016/q2/500

CVE-2016-2178
http://seclists.org/oss-sec/2016/q2/493

The second bug can apparently be used by an attacker to recover DSA
keys. And remember that OpenSSH uses OpenSSL, so it is affected too.

Should we try cherry-picking the upstream commits from the OpenSSL
development repo?
