Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
MOSS/Secure Open Source/Completed: Difference between revisions
MOSS/Secure Open Source/Completed (view source)
Revision as of 16:54, 13 January 2017
, 13 January 2017Add dovecot
(Add developer blog post links) |
(Add dovecot) |
||
| Line 1: | Line 1: | ||
Secure Open Source has completed the following audits. | Secure Open Source has completed the following audits. | ||
==PCRE== | ==2017== | ||
===dovecot=== | |||
Dates: October 2016 - January 2017 | |||
[http://www.dovecot.org/ dovecot] is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by [https://cure53.de/ Cure53]. | |||
The team found the following problems: | |||
* 3 Low | |||
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations." | |||
* [[Media:Dovecot-report.pdf|Audit report]] | |||
* [https://docs.google.com/document/d/1rhzV_2Mw-7qbhXkGfyREzhxi51Rqwt2br8dZBNvI64U/edit# Fix and validation log] | |||
==2016== | |||
===PCRE=== | |||
Dates: October 2015 - June 2016 | Dates: October 2015 - June 2016 | ||
| Line 19: | Line 38: | ||
* [https://docs.google.com/document/d/1FEGCOGPWt9lVsuFsER9EmkkTU-LIH9ggtWSDhgvwr0Q/edit Fix and validation log] | * [https://docs.google.com/document/d/1FEGCOGPWt9lVsuFsER9EmkkTU-LIH9ggtWSDhgvwr0Q/edit Fix and validation log] | ||
==libjpeg-turbo== | ===libjpeg-turbo=== | ||
Dates: November 2015 - June 2016 | Dates: November 2015 - June 2016 | ||
| Line 37: | Line 56: | ||
* [https://docs.google.com/document/d/17exDyGr2txYJ5Ntv4Q8B3MnLSvbcSfs5dje_xuDZPNA/edit Special report on issues in the JPEG standard] | * [https://docs.google.com/document/d/17exDyGr2txYJ5Ntv4Q8B3MnLSvbcSfs5dje_xuDZPNA/edit Special report on issues in the JPEG standard] | ||
==phpMyAdmin== | ===phpMyAdmin=== | ||
Dates: May - June 2016 | Dates: May - June 2016 | ||
| Line 55: | Line 74: | ||
* [https://www.phpmyadmin.net/news/2016/6/13/phpmyadmin-project-successfully-completes-security-audit/ Developer blog post] | * [https://www.phpmyadmin.net/news/2016/6/13/phpmyadmin-project-successfully-completes-security-audit/ Developer blog post] | ||
==dnsmasq== | ===dnsmasq=== | ||
Dates: May - August 2016 | Dates: May - August 2016 | ||
| Line 69: | Line 88: | ||
* [https://docs.google.com/document/d/14y2kiXgB69fLBY0xuMeqc-YiZg4UDCw2xd4-mZspoP8/edit Fix and validation log] | * [https://docs.google.com/document/d/14y2kiXgB69fLBY0xuMeqc-YiZg4UDCw2xd4-mZspoP8/edit Fix and validation log] | ||
==zlib== | ===zlib=== | ||
Dates: July - September 2016 | Dates: July - September 2016 | ||
| Line 85: | Line 104: | ||
One of the Low severity issues is still under discussion between the zlib development team and the auditors, as they are working out how to resolve it without performance degradation. | One of the Low severity issues is still under discussion between the zlib development team and the auditors, as they are working out how to resolve it without performance degradation. | ||
==curl== | ===curl=== | ||
Dates: August - November 2016 | Dates: August - November 2016 | ||