Commits on Source 2

  •
    Mark CVE-2018-0735 as not-affected for openssl1.0 · 02e6e8b0
    Salvatore Bonaccorso authored
    From IRC discussion:
    
    	< bigeasy> for CVE-2018-0735 I would remove openssl1.0 because it was fixed as part of CVE-2018-5407. Any objections?
    	< jmm_> bigeasy: sounds good
    	< carnil> or actually track it as fixed with the same version?
    	< bigeasy> DLA did that but upstream never released an advisory for 1.0.2. Only 1.1.0 and 1.1.1. And then they backported the whole function which already included CVE-2018-0735.
    	< bigeasy> but if you want I can instead mark in the changelog for 1.0.2. it is up to you guys
    	< Q_> bigeasy: As far as I know, those CVEs have nothing to do with each other?
    	< bigeasy> well. CVE-2018-0735 does a +1 -> +2 in one place and this function gets copied as part of CVE-2018-5407.
    	< bigeasy> so there is that. however CVE-2018-0735 somehow ended in the security-tracker for 1.0.2/openssl1.0 and I just asked for permission to remove it
    	< Q_> Right, the vulnerable code was never present in 1.0.2.
    
    As such, add back the src:openssl1.0 source package but make clear
    why it is not affected, as the vulnerable code never landed in a 1.0.2
    release.
    
    Partially reverts 12615d5f ("Remove CVE-2018-0735 from openssl1.0").
  •
    157bb201