Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
MOSS/Secure Open Source/Completed: Difference between revisions
Add ntp and ntpsec
(Add oauth2-server) |
(Add ntp and ntpsec) |
||
| Line 32: | Line 32: | ||
* [https://docs.google.com/document/d/1rhzV_2Mw-7qbhXkGfyREzhxi51Rqwt2br8dZBNvI64U/edit# Fix and validation log] | * [https://docs.google.com/document/d/1rhzV_2Mw-7qbhXkGfyREzhxi51Rqwt2br8dZBNvI64U/edit# Fix and validation log] | ||
* [http://www.dovecot.fi/impressive-results-from-mozilla-sponsored-dovecot-security-audit/index.html Developer blog post] | * [http://www.dovecot.fi/impressive-results-from-mozilla-sponsored-dovecot-security-audit/index.html Developer blog post] | ||
===ntp=== | |||
Dates: December 2016 - March 2017 | |||
[http://www.ntp.org/ ntp] is a implementation of the Network Time Protocol. The audit was performed by [https://cure53.de/ Cure53]. | |||
The team found the following problems: | |||
* 1 Critical | |||
* 2 High | |||
* 1 Medium | |||
* 8 Low | |||
* 2 Informational | |||
This audit was performed at the same time as an audit of ntpsec, which is based on a version of the ntp code. | |||
* [[Media:Ntp-report.pdf|Audit report]] | |||
* [https://docs.google.com/document/d/1nyD8j_Q-rhksUgJvIVog7xlID-ktyiuuve-VFVqWXOI/edit# Fix and validation log] | |||
===ntpsec=== | |||
Dates: December 2016 - March 2017 | |||
[http://www.ntpsec.org/ ntpsec] is a implementation of the Network Time Protocol, a fork of ntp. The audit was performed by [https://cure53.de/ Cure53]. | |||
The team found the following problems: | |||
* 3 High | |||
* 1 Medium | |||
* 3 Low | |||
* 1 Informational | |||
This audit was performed at the same time as an audit of ntp, of which this codebase is a fork. | |||
* [[Media:Ntpsec-report.pdf|Audit report]] | |||
* [https://docs.google.com/document/d/1_Kps7NGnXUUuiJ8Q7dInryzuPz8qmrgNetAtxmJjOmU/edit# Fix and validation log] | |||
==2016== | ==2016== | ||