Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
MOSS/Secure Open Source/Completed: Difference between revisions
Jump to navigation
Jump to search
MOSS/Secure Open Source/Completed (view source)
Revision as of 19:02, 30 September 2016
, 30 September 2016Add zlib
(Add dnsmasq and dates) |
(Add zlib) |
||
| Line 54: | Line 54: | ||
* [https://docs.google.com/document/d/1mrKwVKkcC22JeYIcXQeTNbq_kjTLlMIfHAxdffFMDXk/edit Fix and validation log] | * [https://docs.google.com/document/d/1mrKwVKkcC22JeYIcXQeTNbq_kjTLlMIfHAxdffFMDXk/edit Fix and validation log] | ||
==dnsmasq | ==dnsmasq== | ||
Dates: May - August 2016 | Dates: May - August 2016 | ||
| Line 67: | Line 67: | ||
* [[Media:Dnsmasq-report.pdf|Audit report]] | * [[Media:Dnsmasq-report.pdf|Audit report]] | ||
* [https://docs.google.com/document/d/14y2kiXgB69fLBY0xuMeqc-YiZg4UDCw2xd4-mZspoP8/edit Fix and validation log] | * [https://docs.google.com/document/d/14y2kiXgB69fLBY0xuMeqc-YiZg4UDCw2xd4-mZspoP8/edit Fix and validation log] | ||
==zlib== | |||
Dates: July - September 2016 | |||
[http://www.zlib.net/] is a compression library implementing the 'deflate' compression algorithm, used in countless applications. The audit was performed by [https://www.trailofbits.com/ Trail of Bits]. | |||
The team found the following vulnerabilities: | |||
* 1 Medium | |||
* 4 Low | |||
* [[Media:Zlib-report.pdf|Audit report]] | |||
* [https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit Fix and validation log] | |||
One of the Low severity issues is still under discussion between the zlib development team and the auditors, as they are working out how to resolve it without performance degradation. | |||