Publish the remaining historical advisories

Fixed: 479225940
Change-Id: I594f5358da6f2083e3662f49f9d1e4d3b47cb53e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90027
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
diff --git a/docs/advisories/2016-05-03.md b/docs/advisories/2016-05-03.md
new file mode 100644
index 0000000..4503567
--- /dev/null
+++ b/docs/advisories/2016-05-03.md
@@ -0,0 +1,15 @@
+# OpenSSL Advisory: May 3rd 2016
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20160503.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2016-2108 | Memory corruption in the ASN.1 encoder | High | Fix imported in [c4eec0c1](https://boringssl.googlesource.com/boringssl/+/c4eec0c16b02c97a62a95b6a08656c3a9ddb6baa) in February 2016.
+CVE-2016-2107 | Padding oracle in AES-NI CBC MAC check | High | Not affected; buggy code was removed.
+CVE-2016-2109 | ASN.1 BIO excessive memory allocation | Low | Fix imported in [14b07a02](https://boringssl.googlesource.com/boringssl/+/14b07a02a6b16f24e6bd6cbb11f9904e9ee50442) in April 2016.
+CVE-2016-2106 | EVP_EncryptUpdate overflow | Low | Fix imported in [204dea8d](https://boringssl.googlesource.com/boringssl/+/204dea8daeee9935b2b08da2c2dfe7b890ed36a7) in May 2016.
+CVE-2016-2176 | EBCDIC overread | Low | Not affected; buggy code was removed.
+CVE-2016-2105 | Avoid overflow in EVP_EncodeUpdate | Low | Not affected; a BoringSSL change made it irrelevant and it’s barely a security bug upstream.
+
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
diff --git a/docs/advisories/2016-09-22.md b/docs/advisories/2016-09-22.md
new file mode 100644
index 0000000..683ec99
--- /dev/null
+++ b/docs/advisories/2016-09-22.md
@@ -0,0 +1,22 @@
+# OpenSSL Advisory: September 22nd 2016
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20160922.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2016-6304 | OCSP Status Request extension unbounded memory growth | High | Not affected; buggy code was removed.
+CVE-2016-6305 | SSL_peek() hang on empty record | Moderate | Not affected; regression introduced after fork. (Added [test](https://boringssl-review.googlesource.com/c/11090/) anyway.)
+CVE-2016-2183 | SWEET32 Mitigation | Low | Not practical to do anything right now or of much interest (bulk ciphers do not affect downgrade and HIGH/MEDIUM aren't useful APIs for server operators).
+CVE-2016-6303 | OOB write in MDC2_Update | Low | Not affected; buggy code was removed.
+CVE-2016-6302 | Malformed SHA512 ticket DoS | Low | Not affected; independently fixed in [April 2015](https://boringssl.googlesource.com/boringssl/+/adcc39560e638d0e9866dac698d64370d1c0abef).
+CVE-2016-2182 | OOB write in BN_bn2dec | Low | Fix imported [August 2016](https://boringssl.googlesource.com/boringssl/+/958aaf1ea1b481e8ef32970d5b0add80504be4b2) (and then [rewritten](https://boringssl.googlesource.com/boringssl/+/7c040756178e14a4d181b6d93abb3827c93189c4)).
+CVE-2016-2180 | OOB read in TS_OBJ_print_bio | Low | Not affected; buggy code was removed.
+CVE-2016-2177 | Pointer arithmetic undefined behavior | Low | Not affected; buggy code was rewritten.
+CVE-2016-2178 | Constant time flag not preserved in DSA signing | Low | Fix imported [June 2016](https://boringssl.googlesource.com/boringssl/+/26b7c35d8c78065a57c93a01d95b31eb85de51b9).
+CVE-2016-2179 | DTLS buffered message DoS | Low | Not affected; buggy code was removed.
+CVE-2016-2181 | DTLS replay protection DoS | Low | Not affected; buggy code was removed.
+CVE-2016-6306 | Certificate message OOB reads | Low | Not affected; buggy code was rewritten.
+CVE-2016-6307 | Excessive allocation of memory on TLS messages | Low | Not affected; regression introduced after fork.
+CVE-2016-6308 | Excessive allocation of memory on DTLS messages | Low | Not affected; regression introduced after fork.
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
diff --git a/docs/advisories/2016-09-26.md b/docs/advisories/2016-09-26.md
new file mode 100644
index 0000000..84041c8
--- /dev/null
+++ b/docs/advisories/2016-09-26.md
@@ -0,0 +1,14 @@
+# OpenSSL Advisory: Sept 26th 2016
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20160926.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2016-6309 | Use After Free for large message sizes. | Critical | Not affected. The code in question was not included in BoringSSL. We’ll add a test anyway.
+CVE-2016-7052 | Crash when using CRLs | High | Affected. Fix was imported. See discussion below.
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2016-7052
+
+This bug causes a NULL pointer deref in some cases while processing a CRL. We imported the affected code in [e76cdde7](https://boringssl.googlesource.com/boringssl/+/e76cdde77d05e13c4743ce1b5fe102cb4dd30e03) (July 26th) so it has been in BoringSSL for some months. The fix was imported in [f9f312a](https://boringssl.googlesource.com/boringssl/+/f9f312af61f9ba87896736620d1e4e568c4442bd).
diff --git a/docs/advisories/2016-11-10.md b/docs/advisories/2016-11-10.md
new file mode 100644
index 0000000..1cfacd9
--- /dev/null
+++ b/docs/advisories/2016-11-10.md
@@ -0,0 +1,11 @@
+# OpenSSL Advisory: November 10th 2016 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20161110.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2016-7054 | ChaCha20/Poly1305 heap-buffer-overflow | High | Not affected; bug was introduced after fork.
+CVE-2016-7053 | CMS Null dereference | Moderate | Not affected; bug was introduced after fork and we dropped CMS code.
+CVE-2016-7055 | Montgomery multiplication may produce incorrect results | Low | Not affected; bug is in ADX assembly code which was not enabled in BoringSSL.
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
diff --git a/docs/advisories/2017-02-16.md b/docs/advisories/2017-02-16.md
new file mode 100644
index 0000000..01fcfd7
--- /dev/null
+++ b/docs/advisories/2017-02-16.md
@@ -0,0 +1,9 @@
+# OpenSSL Advisory: February 16th 2017 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20170216.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2017-3733 | Encrypt-Then-Mac renegotiation crash | High | Not affected, issue introduced after fork.
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
diff --git a/docs/advisories/2017-08-28.md b/docs/advisories/2017-08-28.md
new file mode 100644
index 0000000..41f0fbd
--- /dev/null
+++ b/docs/advisories/2017-08-28.md
@@ -0,0 +1,9 @@
+# OpenSSL Advisory: August 28th, 2017 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20170828.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2017-3735 | Malformed X.509 IPAddressFamily could cause OOB read | Low | Not affected; impacted code was removed.
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
diff --git a/docs/advisories/2017-11-02.md b/docs/advisories/2017-11-02.md
new file mode 100644
index 0000000..1221d28
--- /dev/null
+++ b/docs/advisories/2017-11-02.md
@@ -0,0 +1,15 @@
+# OpenSSL Advisory: November 2nd, 2017 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20171102.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2017-3736 | bn_sqrx8x_internal carry bug on x86_64 | Moderate | Not affected, affected code is not enabled in BoringSSL. See discussion below.
+CVE-2017-3735 | Malformed X.509 IPAddressFamily could cause OOB read | Low | Not affected, affected code was removed in fork
+
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2017-3736
+
+The code was [enabled](https://boringssl.googlesource.com/boringssl/+/488ca0eacefd3bc8c7570e8ed5053f4a49451419) briefly at BoringSSL head on 2017-08-14, but it was [reverted](https://boringssl.googlesource.com/boringssl/+/874c73804a4bbcb169acb8971f111b449fa44eaf) 24 hours later when we learned of the bug.
diff --git a/docs/advisories/2017-12-07.md b/docs/advisories/2017-12-07.md
new file mode 100644
index 0000000..b6b491a
--- /dev/null
+++ b/docs/advisories/2017-12-07.md
@@ -0,0 +1,22 @@
+# OpenSSL Advisory: December 7th, 2017
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20171207.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2017-3738 | rsaz_1024_mul_avx2 overflow bug | Low | Fix [imported](https://boringssl-review.googlesource.com/23884). See discussion below.
+CVE-2017-3737 | Read/write after SSL object in error state | Moderate | Not affected; bug was introduced after fork. Recent revisions of BoringSSL fully support calling operations after fatal errors and do not consider it an application bug.
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2017-3738
+
+(This was found by Google’s OSS-Fuzz project.)
+
+Despite the function name, the code in question applies to DSA and Finite-Field Diffie-Hellman (FFDH), as well as RSA. In BoringSSL, this applies to *all* processors which support AVX2, not just those which do not support ADX. (We do not ship the ADX code, which previously had a different bug.)
+
+RSA: The obvious attacks against RSA do not work because anti-glitching countermeasures will trigger. However, this does not eliminate the possibility of obtaining a Bleichenbacher-like oracle using this bug, and we recommend updating promptly.
+
+FFDH: BoringSSL does not support FFDH in TLS. Non-TLS uses of DH with reused private keys could be affected.
+
+DSA: BoringSSL has almost completely removed support for DSA. OpenSSL believes that attacks on DSA would be “very difficult to perform and are not believed likely”. We have not investigated more deeply due to our low DSA use.
diff --git a/docs/advisories/2018-04-16.md b/docs/advisories/2018-04-16.md
new file mode 100644
index 0000000..9f02818
--- /dev/null
+++ b/docs/advisories/2018-04-16.md
@@ -0,0 +1,15 @@
+# OpenSSL Advisory: April 16th 2018
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20180416.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2018-0737 | Cache timing vulnerability in RSA Key Generation | Low | Fixed independently in March
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2018-0737
+
+The root cause in OpenSSL, the error-prone `BN_FLG_CONSTTIME` pattern was [removed](https://boringssl.googlesource.com/boringssl/+/0a211dfe91588d2986a8735e1969dd9202a8b025%5E!/) in BoringSSL some time ago, so the issues stemming from the code pattern do not impact BoringSSL.
+
+Of the particular [timing leaks](http://seclists.org/oss-sec/2018/q2/50) in RSA key generation, BoringSSL [fixed](https://boringssl.googlesource.com/boringssl/+/7fcbfdbdf3c42c2ed75d8328d215487a44ddf916%5E%21/) the second some time ago. The others affected BoringSSL until recently. We had recently independently rewritten RSA key generation to address these and additional side channels. This work was completed by the [end of March](https://issues.chromium.org/issues/42290108).
diff --git a/docs/advisories/2018-06-12.md b/docs/advisories/2018-06-12.md
new file mode 100644
index 0000000..c76958e
--- /dev/null
+++ b/docs/advisories/2018-06-12.md
@@ -0,0 +1,9 @@
+# OpenSSL Advisory: June 12th, 2018 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20180612.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2018-0732 | Client DoS due to large DH parameter | Low | Not affected; we independently fixed this in [2015](https://boringssl-review.googlesource.com/6464) and removed DHE cipher suites from TLS altogether in [2017](https://boringssl-review.googlesource.com/14284).
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
diff --git a/docs/advisories/2018-10-29.md b/docs/advisories/2018-10-29.md
new file mode 100644
index 0000000..e98a537
--- /dev/null
+++ b/docs/advisories/2018-10-29.md
@@ -0,0 +1,14 @@
+# OpenSSL Advisory: October 29th, 2018 (BoringSSL Not Affected)
+
+OpenSSL have published two security advisories ([1](https://openssl-library.org/news/secadv/20181029.txt), [2](https://openssl-library.org/news/secadv/20181030.txt)). Here's how they affect BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2018-0734 | Timing vulnerability in DSA signature generation | Low | Not affected, impacted code was removed from BoringSSL in the initial fork
+CVE-2018-0735 | Timing vulnerability in ECDSA signature generation | Low | Not affected, issue was introduced after fork
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2018-0734 and CVE-2018-0735
+
+These are low-severity timing leaks in OpenSSL’s EC scalar multiplication and DSA signing implementations. As a partial mitigation for a [deeper issue](https://github.com/openssl/openssl/issues/6640) in OpenSSL’s `BIGNUM` library, OpenSSL adds extra copies of the group order to the scalar before multiplying (EC) and exponentiating (DSA). This advisory addresses leaks in that logic. BoringSSL [removed](https://boringssl-review.googlesource.com/23075) the impacted code last year and [fixed](https://issues.chromium.org/issues/42290102) the underlying `BIGNUM` issue, so it is unaffected.
diff --git a/docs/advisories/2018-11-13.md b/docs/advisories/2018-11-13.md
new file mode 100644
index 0000000..17b097b
--- /dev/null
+++ b/docs/advisories/2018-11-13.md
@@ -0,0 +1,17 @@
+# OpenSSL Advisory: November 13th 2018 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20181112.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2018-5407 | Microarchitecture timing vulnerability in ECC scalar multiplication | Low | Not affected, see discussion below
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2018-5407
+
+This is a low-severity side-channel issue in OpenSSL’s ECC code. BoringSSL is not affected since we undertook a significant rewrite of the ECC code to eliminate such side-channels.
+
+More interestingly, the attack appears to use a new method for extracting information from non-constant-time code, called [PortSmash](https://eprint.iacr.org/2018/1060.pdf) by the authors. They provoke contention on execution ports across hyperthreads and measure the resulting timing differences.
+
+However, this is just another way of extracting information from non-constant-time code. It does not make vulnerable instruction patterns that were previously believed to be safe.
diff --git a/docs/advisories/2019-02-26.md b/docs/advisories/2019-02-26.md
new file mode 100644
index 0000000..24f3148
--- /dev/null
+++ b/docs/advisories/2019-02-26.md
@@ -0,0 +1,15 @@
+# OpenSSL Advisory: February 26th 2019 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20190226.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2019-1559 | 0-byte record padding oracle | Moderate | Not affected. CBC decoding is encapsulated in the AEAD interface and doesn’t interact with the TLS state machine.
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## bn_cmp_words underrun
+
+Not mentioned in the security advisory, but [included](https://github.com/openssl/openssl/commit/b250f2a431ab0cc03a8a1cc4cdc1a7e9ecb052a6) in the source update, is a fix to `bn_cmp_words` found by ChromeOS fuzzing. The arithmetic issue appears to be harmless but, when triggered, this causes the bigint code to read one word before the start of a malloced buffer. With OpenSSL this may cause a crash if the malloced buffer starts at a page boundary and the previous page isn’t readable.
+
+In BoringSSL, this erroneous path was reachable for about a day on our main branch, in January 2018. However in BoringSSL the prior word will be the length of the buffer so this is harmless. The issue was independently fixed in BoringSSL, when other side channel work [removed `bn_cmp_words` altogether](https://boringssl-review.googlesource.com/25404).
diff --git a/docs/advisories/2019-03-06.md b/docs/advisories/2019-03-06.md
new file mode 100644
index 0000000..07f841d
--- /dev/null
+++ b/docs/advisories/2019-03-06.md
@@ -0,0 +1,17 @@
+# OpenSSL Advisory: March 6th, 2019 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20190306.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2019-1543 | ChaCha20-Poly1305 with long nonces | Low | Not affected, issue was introduced after fork
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2019-1543
+
+[ChaCha20-Poly1305](https://www.rfc-editor.org/rfc/rfc7539.html) takes a 96-bit (12 byte) nonce input. OpenSSL's implementation included a non-standard extension where it took a variable-length input and zero-padded it as necessary. However, it incorrectly allowed inputs up to 16 bytes and truncated long ones down to 12 bytes. This truncation means that an application using 16-byte nonces may still internally reuse nonce values, breaking the integrity of the cipher.
+
+BoringSSL does not implement this non-standard extension and thus is unaffected. It only accepts 12-byte nonces, matching the specification.
+
+Note: zero-padding short nonces still results in internal collisions when a single key is used with nonces of different lengths. ChaCha20-Poly1305 should only be used with the standard 12-byte nonce length.
diff --git a/docs/advisories/2019-12-06.md b/docs/advisories/2019-12-06.md
new file mode 100644
index 0000000..abecfbe
--- /dev/null
+++ b/docs/advisories/2019-12-06.md
@@ -0,0 +1,15 @@
+# OpenSSL Advisory: December 6th, 2019 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20191206.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2019-1551 | rsaz_512_sqr overflow bug on x86_64 | Low | Not affected, impacted code was removed from BoringSSL in 2016
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2019-1551
+
+There was an overflow bug in OpenSSL’s x86_64 optimizations. This affected modular exponentiation with 512-bit moduli and secret exponent, most commonly used by 1024-bit RSA. OpenSSL’s advisory additionally lists 3-prime RSA1536, DSA1024, and DH512. (We suspect that the listing of DSA1024 rather than DSA512 might be a mistake.)
+
+BoringSSL is not affected by this bug, having removed the relevant code at the [end of 2016](https://boringssl-review.googlesource.com/c/boringssl/+/12841).
diff --git a/docs/advisories/2020-04-21.md b/docs/advisories/2020-04-21.md
new file mode 100644
index 0000000..7cf8865
--- /dev/null
+++ b/docs/advisories/2020-04-21.md
@@ -0,0 +1,9 @@
+# OpenSSL Advisory: April 21st, 2020 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20200421.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2020-1967 | Segmentation fault in SSL_check_chain | High | Not affected, issue was introduced after fork
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
diff --git a/docs/advisories/2020-12-08.md b/docs/advisories/2020-12-08.md
new file mode 100644
index 0000000..9e6e620
--- /dev/null
+++ b/docs/advisories/2020-12-08.md
@@ -0,0 +1,15 @@
+# OpenSSL Advisory: December 8th, 2020
+
+OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20201208.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2020-1971 | EDIPARTYNAME NULL pointer de-reference | High | Affected; fixed in commit aa4ecb49, see discussion below for impact
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
+
+## CVE-2020-1971
+
+This issue does affect BoringSSL’s X.509 validation as we have not replaced the code in question since diverging from OpenSSL. BoringSSL does not support Time Stamp Protocol and so is unaffected in that context. This issue was discovered and reported by us to OpenSSL. The fix can be cherry-picked from BoringSSL’s commit [aa4ecb49269666c75919bc068028097c3b9cd42f](https://boringssl.googlesource.com/boringssl/+/aa4ecb49269666c75919bc068028097c3b9cd42f) if needed.
+
+Although OpenSSL marked this bug as high-severity we recommend reading the OpenSSL security update in order to decide whether it counts as such in your environment: it’s a NULL-pointer crash and only happens if doing X.509 validation with CRLs enabled, which is rare.
diff --git a/docs/advisories/README.md b/docs/advisories/README.md
index e1440a1..3ba3002 100644
--- a/docs/advisories/README.md
+++ b/docs/advisories/README.md
@@ -5,5 +5,3 @@
 to OpenSSL advisories, detailing how they impact BoringSSL. In case of OpenSSL
 advisories, even when the advisory does not impact BoringSSL, we will publish a
 corresponding document saying so.
-
-TODO(crbug.com/479225940): Publish historical advisories.