I think that openssl50 should be openssl47 and openssl46, respectively.
I applied openssl47.patch to my 4.7R source tree, but some parts of
the patch were rejected as following.
sugar# patch -s < /tmp/security-fixes/openssl47.patch
1 out of 1 hunks failed--saving rejects to UPDATING.rej
1 out of 1 hunks failed--saving rejects to crypto/openssl/apps/openssl.cnf.rej
1 out of 3 hunks failed--saving rejects to crypto/openssl/apps/speed.c.rej
Reversed (or previously applied) patch detected! Assume -R? [y] ^Csugar#