Upstream ended 1.0.2 support with 2019, but we still have many packages depending on it.

$ (git grep -l openssl_1_0_2 pkgs/; grep openssl_1_0_2 pkgs/top-level/all-packages.nix) | wc -l
65

I know of no issues since the last release, so I'm not marking it as vulnerable yet, but the dependents would better start migrating in advance.

Stable: it's unclear to me what we do about these in 19.09, but perhaps there won't be any notable vulnerabilities before 19.09 support ends :-) 1.0.2 is the default in 19.03, but we don't support that anymore.