diff --git a/SOURCES/openssl-1.0.1e-cve-2015-0209.patch b/SOURCES/openssl-1.0.1e-cve-2015-0209.patch
new file mode 100644
index 0000000..dff5261
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2015-0209.patch
@@ -0,0 +1,27 @@
+diff -up openssl-1.0.1e/crypto/ec/ec_asn1.c.use-after-free openssl-1.0.1e/crypto/ec/ec_asn1.c
+--- openssl-1.0.1e/crypto/ec/ec_asn1.c.use-after-free	2015-03-18 13:13:30.221429895 +0100
++++ openssl-1.0.1e/crypto/ec/ec_asn1.c	2015-03-18 13:22:45.165361144 +0100
+@@ -1140,8 +1140,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+                                  ERR_R_MALLOC_FAILURE);
+ 			goto err;
+ 			}
+-		if (a)
+-			*a = ret;
+ 		}
+ 	else
+ 		ret = *a;
+@@ -1206,11 +1204,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+ 			}
+ 		}
+ 
++	if (a)
++		*a = ret;
+ 	ok = 1;
+ err:
+ 	if (!ok)
+ 		{
+-		if (ret)
++		if (ret && (a == NULL || *a != ret))
+ 			EC_KEY_free(ret);
+ 		ret = NULL;
+ 		}
diff --git a/SOURCES/openssl-1.0.1e-cve-2015-0286.patch b/SOURCES/openssl-1.0.1e-cve-2015-0286.patch
new file mode 100644
index 0000000..64ec2b7
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2015-0286.patch
@@ -0,0 +1,13 @@
+diff -up openssl-1.0.1e/crypto/asn1/a_type.c.bool-cmp openssl-1.0.1e/crypto/asn1/a_type.c
+--- openssl-1.0.1e/crypto/asn1/a_type.c.bool-cmp	2015-03-18 13:02:36.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/a_type.c	2015-03-18 14:38:07.111401390 +0100
+@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
+ 	case V_ASN1_OBJECT:
+ 		result = OBJ_cmp(a->value.object, b->value.object);
+ 		break;
++	case V_ASN1_BOOLEAN:
++		result = a->value.boolean - b->value.boolean;
++		break;
+ 	case V_ASN1_NULL:
+ 		result = 0;	/* They do not have content. */
+ 		break;
diff --git a/SOURCES/openssl-1.0.1e-cve-2015-0287.patch b/SOURCES/openssl-1.0.1e-cve-2015-0287.patch
new file mode 100644
index 0000000..f77b099
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2015-0287.patch
@@ -0,0 +1,46 @@
+diff -up openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse openssl-1.0.1e/crypto/asn1/tasn_dec.c
+--- openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/tasn_dec.c	2015-03-19 15:46:51.097022616 +0100
+@@ -310,9 +310,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ 		case ASN1_ITYPE_CHOICE:
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+-
+-		/* Allocate structure */
+-		if (!*pval && !ASN1_item_ex_new(pval, it))
++		if (*pval)
++			{
++			/* Free up and zero CHOICE value if initialised */
++			i = asn1_get_choice_selector(pval, it);
++			if ((i >= 0) && (i < it->tcount))
++				{
++				tt = it->templates + i;
++				pchptr = asn1_get_field_ptr(pval, tt);
++				ASN1_template_free(pchptr, tt);
++				asn1_set_choice_selector(pval, -1, it);
++				}
++			}
++		else if (!ASN1_item_ex_new(pval, it))
+ 			{
+ 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ 						ERR_R_NESTED_ASN1_ERROR);
+@@ -407,6 +417,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+ 
++		/* Free up and zero any ADB found */
++		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
++			{
++			if (tt->flags & ASN1_TFLG_ADB_MASK)
++				{
++				const ASN1_TEMPLATE *seqtt;
++				ASN1_VALUE **pseqval;
++				seqtt = asn1_do_adb(pval, tt, 1);
++				pseqval = asn1_get_field_ptr(pval, seqtt);
++				ASN1_template_free(pseqval, seqtt);
++				}
++			}
++
+ 		/* Get each field entry */
+ 		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ 			{
diff --git a/SOURCES/openssl-1.0.1e-cve-2015-0288.patch b/SOURCES/openssl-1.0.1e-cve-2015-0288.patch
new file mode 100644
index 0000000..c8dc6b9
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2015-0288.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.1e/crypto/x509/x509_req.c.req-null-deref openssl-1.0.1e/crypto/x509/x509_req.c
+--- openssl-1.0.1e/crypto/x509/x509_req.c.req-null-deref	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x509_req.c	2015-03-18 18:34:35.732448017 +0100
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
+ 		goto err;
+ 
+ 	pktmp = X509_get_pubkey(x);
++	if (pktmp == NULL)
++		goto err;
+ 	i=X509_REQ_set_pubkey(ret,pktmp);
+ 	EVP_PKEY_free(pktmp);
+ 	if (!i) goto err;
diff --git a/SOURCES/openssl-1.0.1e-cve-2015-0289.patch b/SOURCES/openssl-1.0.1e-cve-2015-0289.patch
new file mode 100644
index 0000000..b52889d
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2015-0289.patch
@@ -0,0 +1,184 @@
+diff -up openssl-1.0.1e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref openssl-1.0.1e/crypto/pkcs7/pk7_doit.c
+--- openssl-1.0.1e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/pkcs7/pk7_doit.c	2015-03-18 18:54:10.064871658 +0100
+@@ -272,6 +272,27 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+ 	PKCS7_RECIP_INFO *ri=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++		return NULL;
++		}
++	/*
++	 * The content field in the PKCS7 ContentInfo is optional, but that really
++	 * only applies to inner content (precisely, detached signatures).
++	 *
++	 * When reading content, missing outer content is therefore treated as an
++	 * error.
++	 *
++	 * When creating content, PKCS7_content_new() must be called before
++	 * calling this method, so a NULL p7->d is always an error.
++	 */
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++		return NULL;
++		}
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -433,6 +454,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+        unsigned char *ek = NULL, *tkey = NULL;
+        int eklen = 0, tkeylen = 0;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++		return NULL;
++		}
++
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++		return NULL;
++		}
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -440,6 +473,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ 		{
+ 	case NID_pkcs7_signed:
+ 		data_body=PKCS7_get_octet_string(p7->d.sign->contents);
++		if (!PKCS7_is_detached(p7) && data_body == NULL)
++			{
++			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
++				PKCS7_R_NO_CONTENT);
++			goto err;
++			}
+ 		md_sk=p7->d.sign->md_algs;
+ 		break;
+ 	case NID_pkcs7_signedAndEnveloped:
+@@ -747,6 +786,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++		return 0;
++		}
++
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++		return 0;
++		}
++
+ 	EVP_MD_CTX_init(&ctx_tmp);
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+@@ -791,6 +842,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		/* If detached data then the content is excluded */
+ 		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.sign->contents->d.data = NULL;
+ 		}
+ 		break;
+@@ -801,6 +853,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ 			{
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.digest->contents->d.data = NULL;
+ 			}
+ 		break;
+@@ -873,23 +926,32 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ 		}
+ 
+-	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
++	if (!PKCS7_is_detached(p7))
+ 		{
+-		char *cont;
+-		long contlen;
+-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+-		if (btmp == NULL)
+-			{
+-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++		/*
++		 * NOTE(emilia): I think we only reach os == NULL here because detached
++		 * digested data support is broken.
++		 */
++		if (os == NULL)
+ 			goto err;
++		if (!(os->flags & ASN1_STRING_FLAG_NDEF))
++			{
++			char *cont;
++			long contlen;
++			btmp=BIO_find_type(bio,BIO_TYPE_MEM);
++			if (btmp == NULL)
++				{
++				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++				goto err;
++				}
++			contlen = BIO_get_mem_data(btmp, &cont);
++			/* Mark the BIO read only then we can use its copy of the data
++			 * instead of making an extra copy.
++			 */
++			BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
++			BIO_set_mem_eof_return(btmp, 0);
++			ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+ 			}
+-		contlen = BIO_get_mem_data(btmp, &cont);
+-		/* Mark the BIO read only then we can use its copy of the data
+-		 * instead of making an extra copy.
+-		 */
+-		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+-		BIO_set_mem_eof_return(btmp, 0);
+-		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+ 		}
+ 	ret=1;
+ err:
+@@ -928,6 +990,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_
+ 	if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
+ 		goto err;
+ 	OPENSSL_free(abuf);
++	abuf = NULL;
+ 	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
+ 		goto err;
+ 	abuf = OPENSSL_malloc(siglen);
+@@ -965,6 +1028,18 @@ int PKCS7_dataVerify(X509_STORE *cert_st
+ 	STACK_OF(X509) *cert;
+ 	X509 *x509;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++		return 0;
++		}
++
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++		return 0;
++		}
++
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		cert=p7->d.sign->cert;
+diff -up openssl-1.0.1e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref openssl-1.0.1e/crypto/pkcs7/pk7_lib.c
+--- openssl-1.0.1e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/pkcs7/pk7_lib.c	2015-03-18 18:05:58.398767116 +0100
+@@ -459,6 +459,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
+ 
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ 	{
++	if (p7 == NULL || p7->d.ptr == NULL)
++		return NULL;
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		return(p7->d.sign->signer_info);
diff --git a/SOURCES/openssl-1.0.1e-cve-2015-0292.patch b/SOURCES/openssl-1.0.1e-cve-2015-0292.patch
new file mode 100644
index 0000000..dd6a737
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2015-0292.patch
@@ -0,0 +1,11 @@
+diff -up openssl-1.0.1e/crypto/evp/encode.c.b64-underflow openssl-1.0.1e/crypto/evp/encode.c
+--- openssl-1.0.1e/crypto/evp/encode.c.b64-underflow	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/encode.c	2015-03-18 18:16:26.452331934 +0100
+@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx
+ 				v=EVP_DecodeBlock(out,d,n);
+ 				n=0;
+ 				if (v < 0) { rv=0; goto end; }
++				if (eof > v) { rv=-1; goto end; }
+ 				ret+=(v-eof);
+ 				}
+ 			else
diff --git a/SOURCES/openssl-1.0.1e-cve-2015-0293.patch b/SOURCES/openssl-1.0.1e-cve-2015-0293.patch
new file mode 100644
index 0000000..1ca78b3
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2015-0293.patch
@@ -0,0 +1,102 @@
+diff -up openssl-1.0.1e/ssl/s2_lib.c.ssl2-assert openssl-1.0.1e/ssl/s2_lib.c
+--- openssl-1.0.1e/ssl/s2_lib.c.ssl2-assert	2015-03-18 13:02:36.000000000 +0100
++++ openssl-1.0.1e/ssl/s2_lib.c	2015-03-18 18:22:20.195322489 +0100
+@@ -488,7 +488,7 @@ int ssl2_generate_key_material(SSL *s)
+ 
+ 		OPENSSL_assert(s->session->master_key_length >= 0
+ 		    && s->session->master_key_length
+-		    < (int)sizeof(s->session->master_key));
++		    <= (int)sizeof(s->session->master_key));
+ 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ 		EVP_DigestUpdate(&ctx,&c,1);
+ 		c++;
+diff -up openssl-1.0.1e/ssl/s2_srvr.c.ssl2-assert openssl-1.0.1e/ssl/s2_srvr.c
+--- openssl-1.0.1e/ssl/s2_srvr.c.ssl2-assert	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s2_srvr.c	2015-03-18 18:30:11.403974038 +0100
+@@ -446,9 +446,6 @@ static int get_client_master_key(SSL *s)
+ 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ 		return(-1);
+ 		}
+-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+ 
+ 	is_export=SSL_C_IS_EXPORT(s->session->cipher);
+ 	
+@@ -467,21 +464,61 @@ static int get_client_master_key(SSL *s)
+ 	else
+ 		ek=5;
+ 
++	/*
++	 * The format of the CLIENT-MASTER-KEY message is
++	 * 1 byte message type
++	 * 3 bytes cipher
++	 * 2-byte clear key length (stored in s->s2->tmp.clear)
++	 * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++	 * 2-byte key args length (IV etc)
++	 * clear key
++	 * encrypted key
++	 * key args
++	 *
++	 * If the cipher is an export cipher, then the encrypted key bytes
++	 * are a fixed portion of the total key (5 or 8 bytes). The size of
++	 * this portion is in |ek|. If the cipher is not an export cipher,
++	 * then the entire key material is encrypted (i.e., clear key length
++	 * must be zero).
++	 */
++	 if ((!is_export && s->s2->tmp.clear != 0) ||
++		(is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c)))
++		{
++		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++		return -1;
++		}
++	/*
++	 * The encrypted blob must decrypt to the encrypted portion of the key.
++	 * Decryption can't be expanding, so if we don't have enough encrypted
++	 * bytes to fit the key in the buffer, stop now.
++	 */
++	if ((is_export && s->s2->tmp.enc < ek) ||
++		(!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c)))
++		{
++		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++		return -1;
++		}
++
++	i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++		&(p[s->s2->tmp.clear]),
++		&(p[s->s2->tmp.clear]),
++		(s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : RSA_PKCS1_PADDING);
++
+ 	/* bad decrypt */
+ #if 1
+ 	/* If a bad decrypt, continue with protocol but with a
+ 	 * random master secret (Bleichenbacher attack) */
+-	if ((i < 0) ||
+-		((!is_export && (i != EVP_CIPHER_key_length(c)))
+-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+-			(unsigned int)EVP_CIPHER_key_length(c))))))
++	if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++		|| (is_export && i != ek)))
+ 		{
+ 		ERR_clear_error();
+ 		if (is_export)
+ 			i=ek;
+ 		else
+ 			i=EVP_CIPHER_key_length(c);
+-		if (RAND_pseudo_bytes(p,i) <= 0)
++		if (RAND_pseudo_bytes(&p[s->s2->tmp.clear],i) <= 0)
+ 			return 0;
+ 		}
+ #else
+@@ -505,7 +542,8 @@ static int get_client_master_key(SSL *s)
+ 		}
+ #endif
+ 
+-	if (is_export) i+=s->s2->tmp.clear;
++	if (is_export)
++		i = EVP_CIPHER_key_length(c);
+ 
+ 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ 		{
diff --git a/SOURCES/openssl-1.0.1e-evp-wrap.patch b/SOURCES/openssl-1.0.1e-evp-wrap.patch
index bf46f6c..ecb43a4 100644
--- a/SOURCES/openssl-1.0.1e-evp-wrap.patch
+++ b/SOURCES/openssl-1.0.1e-evp-wrap.patch
@@ -1071,17 +1071,17 @@ diff -up openssl-1.0.1e/crypto/modes/wrap128.c.wrap openssl-1.0.1e/crypto/modes/
 +	unsigned char got_iv[8];
 +
 +	ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
-+	if (ret != inlen)
-+		return ret;
++	if (ret == 0)
++		return 0;
 +
 +	if (!iv)
 +		iv = default_iv;
-+	if (CRYPTO_memcmp(out, iv, 8))
++	if (CRYPTO_memcmp(got_iv, iv, 8))
 +		{
-+		OPENSSL_cleanse(out, inlen);
++		OPENSSL_cleanse(out, ret);
 +		return 0;
 +		}
-+	return inlen;
++	return ret;
 +	}
 +
 +/** Wrapping according to RFC 5649 section 4.1.
@@ -1102,7 +1102,7 @@ diff -up openssl-1.0.1e/crypto/modes/wrap128.c.wrap openssl-1.0.1e/crypto/modes/
 +		const unsigned char *in, size_t inlen, block128_f block)
 +	{
 +	/* n: number of 64-bit blocks in the padded key data */
-+	const size_t blocks_padded = (inlen + 8) / 8;
++	const size_t blocks_padded = (inlen + 7) / 8;
 +	const size_t padded_len = blocks_padded * 8;
 +	const size_t padding_len = padded_len - inlen;
 +	/* RFC 5649 section 3: Alternative Initial Value */
@@ -1136,7 +1136,7 @@ diff -up openssl-1.0.1e/crypto/modes/wrap128.c.wrap openssl-1.0.1e/crypto/modes/
 +		block(out, out, key);
 +		ret = 16; /* AIV + padded input */
 +		}
-+		else
++	else
 +		{
 +		memmove(out, in, inlen);
 +		memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
@@ -1194,7 +1194,7 @@ diff -up openssl-1.0.1e/crypto/modes/wrap128.c.wrap openssl-1.0.1e/crypto/modes/
 +		memmove(out, out + 8, 8);
 +		padded_len = 8;
 +		}
-+		else
++	else
 +		{
 +		padded_len = inlen - 8;
 +		ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
index 4900dd3..87367a0 100644
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 42%{?dist}
+Release: 42%{?dist}.4
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -127,6 +127,13 @@ Patch118: openssl-1.0.1e-cve-2015-0204.patch
 Patch119: openssl-1.0.1e-cve-2015-0205.patch
 Patch120: openssl-1.0.1e-cve-2015-0206.patch
 Patch121: openssl-1.0.1e-cc-reqs.patch
+Patch122: openssl-1.0.1e-cve-2015-0209.patch
+Patch123: openssl-1.0.1e-cve-2015-0286.patch
+Patch124: openssl-1.0.1e-cve-2015-0287.patch
+Patch125: openssl-1.0.1e-cve-2015-0288.patch
+Patch126: openssl-1.0.1e-cve-2015-0289.patch
+Patch127: openssl-1.0.1e-cve-2015-0292.patch
+Patch128: openssl-1.0.1e-cve-2015-0293.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -284,6 +291,13 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch119 -p1 -b .dh-unauthenticated
 %patch120 -p1 -b .dtls-rec-leak
 %patch121 -p1 -b .cc-reqs
+%patch122 -p1 -b .use-after-free
+%patch123 -p1 -b .bool-cmp
+%patch124 -p1 -b .item-reuse
+%patch125 -p1 -b .req-null-deref
+%patch126 -p1 -b .pkcs7-null-deref
+%patch127 -p1 -b .b64-underflow
+%patch128 -p1 -b .ssl2-assert
 
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
 
@@ -550,6 +564,23 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Thu Mar 19 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.4
+- update fix for CVE-2015-0287 to what was released upstream
+
+* Wed Mar 18 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.3
+- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
+- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
+- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
+- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
+- fix CVE-2015-0292 - integer underflow in base64 decoder
+- fix CVE-2015-0293 - triggerable assert in SSLv2 server
+
+* Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.2
+- fix broken error detection when unwrapping unpadded key
+
+* Mon Mar  2 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.1
+- fix the RFC 5649 for key material that does not need padding
+
 * Thu Jan 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42
 - test in the non-FIPS RSA keygen for minimal distance of p and q
   similarly to the FIPS RSA keygen