# OpenSSL Advisory: November 10th 2016 (BoringSSL Not Affected)
OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20161110.txt). Here's how it affects BoringSSL:

CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
----|---------|-----------------------|---------------------
CVE-2016-7054 | ChaCha20/Poly1305 heap-buffer-overflow | High | Not affected; bug was introduced after fork.
CVE-2016-7053 | CMS Null dereference | Moderate | Not affected; bug was introduced after fork and we dropped CMS code.
CVE-2016-7055 | Montgomery multiplication may produce incorrect results | Low | Not affected; bug is in ADX assembly code which was not enabled in BoringSSL.

[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity