[chrony-users] chrony audit

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-announce@xxxxxxxxxxxxxxxxxxxx, chrony-dev@xxxxxxxxxxxxxxxxxxxx, chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: [chrony-users] chrony audit
From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Fri, 15 Sep 2017 15:17:36 +0200
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=mlichvar@xxxxxxxxxx
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com F25D2883CF

I have some good news. The chrony source code was recently audited by
Cure53. The audit was organized by Mozilla and funded by the Linux
Foundation's Core Infrastructure Initiative (CII).

The report is available here:
https://wiki.mozilla.org/images/e/e4/Chrony-report.pdf

In summary, the audit found only two minor issues, which could
theoretically be exploited in future, but didn't have a security impact
in the current code. Both issues were fixed in chrony-3.2-pre2.

-- 
Miroslav Lichvar

Attachment: signature.asc
Description: PGP signature

Messages sorted by: [ date | thread ]
Prev by Date: [chrony-users] chrony-3.2 released
Next by Date: [chrony-users] unsubscribe
Previous by thread: [chrony-users] chrony-3.2 released
Next by thread: [chrony-users] unsubscribe

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/