[chrony-dev] chrony audit

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


I have some good news. The chrony source code was recently audited by
Cure53. The audit was organized by Mozilla and funded by the Linux
Foundation's Core Infrastructure Initiative (CII).

The report is available here:
https://wiki.mozilla.org/images/e/e4/Chrony-report.pdf

In summary, the audit found only two minor issues, which could
theoretically be exploited in future, but didn't have a security impact
in the current code. Both issues were fixed in chrony-3.2-pre2.

-- 
Miroslav Lichvar

Attachment: signature.asc
Description: PGP signature



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/