Looking at the list of bugs for mingw32-openssl in EPEL-5 for various security issues, I did a cross check of what's tracked, and what is listed as affecting 0.9.8j on the upstream vulnerability page:
The check yielded another long list of issues that were never fixed in EPEL-5.
CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0433 CVE-2010-0740 CVE-2010-0742 CVE-2010-3864 CVE-2010-4180 CVE-2011-0014 CVE-2013-0166
+ CVE-2009-0789, which may not affect mingw32-openssl
All mingw32 packages have been removed from EPEL-5 as per https://fedorahosted.org/rel-eng/ticket/5977