OpenSSL Advisory: Sept 26th 2016

OpenSSL have published a security advisory. Here's how it affects BoringSSL:

| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
| --- | --- | --- | --- |
| CVE-2016-6309 | Use After Free for large message sizes. | Critical | Not affected. The code in question was not included in BoringSSL. We’ll add a test anyway. |
| CVE-2016-7052 | Crash when using CRLs | High | Affected. Fix was imported. See discussion below. |

CVE-2016-7052

This bug causes a NULL pointer deref in some cases while processing a CRL. We imported the affected code in e76cdde7 (July 26th) so it has been in BoringSSL for some months. The fix was imported in f9f312a.