--- /dev/null
+Subject: OpenSSL security release patches
+
+This information is for your internal organisational use only, must
+not be shared outside of your organisation (not even to other under
+NDA). This is TLP:Amber
+http://en.wikipedia.org/wiki/Traffic_Light_Protocol
+
+On June 5th 2014 at around 1200 UTC the OpenSSL team will release
+updated versions of OpenSSL 0.9.8, 1.0.0, and 1.0.1 that fix several
+security issues. We are not aware of any public exploits for the
+issues, and we do not believe they are being actively exploited.
+
+We are providing theses patches and details to selected distribution
+vendors in advance of the release to enable them to prepare and have
+updates available at the time of release.
+
+We also let various infrastructure providers know about this in
+advance because two of the issues are high severity and they may wish
+to apply the updates as soon as they are released. If you are
+approached for a copy of the advisory or patch please do not pass
+it on to anyone and instead have them contact me directly.
+
+Regards, Mark
+OpenSSL project
+
+[reminder to me, just run git log -p (-5 or whatever) on
+remotes/origin/steve/1.0.1h-secfix branch and post that diff]
+
+