(Add links to the projects themselves) |
(Add dnsmasq and dates) |
||
| Line 2: | Line 2: | ||
==PCRE== | ==PCRE== | ||
Dates: October 2015 - June 2016 | |||
[http://www.pcre.org/ PCRE] (Perl-Compatible Regular Expressions) is a C library for implementing [https://en.wikipedia.org/wiki/Regular_expression regular expressions] in a codebase. It is used in various open source projects including Exim, Apache, PHP and KDE, as well as Apple Safari. We audited PCRE2, a newer version which is currently less commonly-used but which is expected to become increasingly common. The audit was performed by [https://cure53.de/ Cure53]. | [http://www.pcre.org/ PCRE] (Perl-Compatible Regular Expressions) is a C library for implementing [https://en.wikipedia.org/wiki/Regular_expression regular expressions] in a codebase. It is used in various open source projects including Exim, Apache, PHP and KDE, as well as Apple Safari. We audited PCRE2, a newer version which is currently less commonly-used but which is expected to become increasingly common. The audit was performed by [https://cure53.de/ Cure53]. | ||
| Line 18: | Line 20: | ||
==libjpeg-turbo== | ==libjpeg-turbo== | ||
Dates: November 2015 - June 2016 | |||
[http://www.libjpeg-turbo.org/ libjpeg-turbo] is a fork of the libjpeg codebase which is particularly focussed on speed, and on compatibility with the most commonly-used standard profiles of JPEG. It is used by a number of open source projects, including Chrome, LibreOffice, Firefox and various flavours of VNC. The audit was performed by [https://cure53.de/ Cure53]. | [http://www.libjpeg-turbo.org/ libjpeg-turbo] is a fork of the libjpeg codebase which is particularly focussed on speed, and on compatibility with the most commonly-used standard profiles of JPEG. It is used by a number of open source projects, including Chrome, LibreOffice, Firefox and various flavours of VNC. The audit was performed by [https://cure53.de/ Cure53]. | ||
| Line 34: | Line 38: | ||
==phpMyAdmin== | ==phpMyAdmin== | ||
Dates: May - June 2016 | |||
[https://www.phpmyadmin.net/ phpMyAdmin] is a web-based administration tool for MySQL databases. The audit was performed by [https://www.nccgroup.trust/ NCC Group]. | [https://www.phpmyadmin.net/ phpMyAdmin] is a web-based administration tool for MySQL databases. The audit was performed by [https://www.nccgroup.trust/ NCC Group]. | ||
| Line 47: | Line 53: | ||
* [[Media:Phpmyadmin-report.pdf|Audit report]] | * [[Media:Phpmyadmin-report.pdf|Audit report]] | ||
* [https://docs.google.com/document/d/1mrKwVKkcC22JeYIcXQeTNbq_kjTLlMIfHAxdffFMDXk/edit Fix and validation log] | * [https://docs.google.com/document/d/1mrKwVKkcC22JeYIcXQeTNbq_kjTLlMIfHAxdffFMDXk/edit Fix and validation log] | ||
==dnsmasq (June 2016)== | |||
Dates: May - August 2016 | |||
[http://www.thekelleys.org.uk/dnsmasq/doc.html dnsmasq] is a lightweight implementation of DNS, DHCP, router advertisement and network boot. It is used in resource-constrained environments such as routers and firewalls (e.g. openWRT and DD-WRT), Android, and OpenStack. The audit was performed by [https://cure53.de/ Cure53]. | |||
The team found the following vulnerabilities: | |||
* 1 Medium | |||
* 5 Low | |||
* [[Media:Dnsmasq-report.pdf|Audit report]] | |||
* [https://docs.google.com/document/d/14y2kiXgB69fLBY0xuMeqc-YiZg4UDCw2xd4-mZspoP8/edit Fix and validation log] | |||
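Review bot: the added heading "==dnsmasq (June 2016)==" carries a date in parentheses that the other section headings in this diff (==PCRE==, ==libjpeg-turbo==, ==phpMyAdmin==) do not, and it disagrees with the "Dates: May - August 2016" line added directly beneath it. Suggest changing the heading to "==dnsmasq==" and leaving the range to the Dates line, so the section states its dates once and matches the other sections.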