OpenSSL Advisory: March 13th, 2026 (BoringSSL Not Affected)

davidben · Boringssl LUCI CQ · commit d2c7ec9e5943 · 2026-03-16T07:19:17.000-07:00
BoringSSL counterpart to https://openssl-library.org/news/secadv/20260313.txt Change-Id: Ida53472905bbf18622c18e7fc6e75520f4d46a20 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90887 Reviewed-by: Lily Chen <chlily@google.com> Commit-Queue: Lily Chen <chlily@google.com> Auto-Submit: David Benjamin <davidben@google.com>
diff --git a/docs/advisories/2026-03-13.md b/docs/advisories/2026-03-13.md
@@ -0,0 +1,9 @@
+# OpenSSL Advisory: March 13th, 2026 (BoringSSL Not Affected)
+
+OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20260313.txt). Here's how it affects BoringSSL:
+
+CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
+----|---------|-----------------------|---------------------
+CVE-2026-2673 | OpenSSL TLS 1.3 server may choose unexpected key agreement group | Low | Not affected, issue was introduced after fork
+
+[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
