OpenSSL's internal certificate verification routines could
incorrectly accept a CRL whose nextUpdate field is in the
past (CVE-2011-3207).

Server code for ECDH could crash if it received a specially
crafted handshake message (CVE-2011-3210).