# OpenSSL Advisory: January 15th, 2024 (BoringSSL Not Affected)
OpenSSL have published a pair of security advisories ([1](https://www.openssl.org/news/secadv/20240109.txt), [2](https://www.openssl.org/news/secadv/20240115.txt)). Here's how they affect BoringSSL:

CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
----|---------|-----------------------|---------------------
CVE-2023-6129 | POLY1305 MAC implementation corrupts vector registers on PowerPC | Low | Not affected; issue was introduced after fork. BoringSSL also does not support PowerPC.
CVE-2023-6237 | Excessive time spent checking invalid RSA public keys | Low | Not affected; issue was introduced after fork. BoringSSL also applies RSA size limits at an earlier point to reduce DoS risks.

[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity