OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2016-7054 | ChaCha20/Poly1305 heap-buffer-overflow | High | Not affected; bug was introduced after fork. |
| CVE-2016-7053 | CMS Null dereference | Moderate | Not affected; bug was introduced after fork and we dropped CMS code. |
| CVE-2016-7055 | Montgomery multiplication may produce incorrect results | Low | Not affected; bug is in ADX assembly code which was not enabled in BoringSSL. |