I feel yum security plugin is not working as claimed here

For example, I know there is an outstanding CVE to openssl on my system

yum changelog 2017-01 openssl

Listing changelogs since 2017-01-06

==================== Available Packages ====================
1:openssl-1.0.1e-60.el7_3.1.x86_64       updates
* Mon Feb  6 07:00:00 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-60.1
- fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher
- fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts

changelog stats. 2 pkgs, 2 source pkgs, 1 changelog

But when I use yum security plugin to install the particular CVE number, I get "no packages"

sudo yum update --cve CVE-2017-3731
No packages needed for security; 629 packages available
Resolving Dependencies

I know i'm running an older version

sudo rpm -q openssl
openssl-1.0.1e-51.el7_2.5.x86_64

"yum info-sec" should also list the list of changes with errata but openssl with this CVE is not listed.

When I run "yum updateinfo info --cve" with CVE referenced above, it claims my system is not vulnerable

yum updateinfo info --cve CVE-2017-3731
Loaded plugins: changelog, fastestmirror
updateinfo info done

It seems to the same case for kernel CVE and fixes, I can't seem to rely on the security plugin to pick any recent kernel CVEs such as dirty cow or double free

[localhost ~]$ sudo yum update --advisory=RHSA-2017:0403 
Loaded plugins: changelog, fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.lax.hugeserver.com
 * epel: mirrors.kernel.org
 * extras: centos.sonn.com
 * updates: cosmos.illinois.edu
No packages needed for security; 629 packages available
Resolving Dependencies

[localhost ~]$ sudo yum updateinfo --advisory=RHSA-2017:0403
Loaded plugins: changelog, fastestmirror
updateinfo summary done

[localhost ~]$ sudo yum updateinfo RHSA-2017:0403
Loaded plugins: changelog, fastestmirror
updateinfo info done