Rare project developers

[mc36 <>]

On 7/22/22 14:21, Alexander Gall wrote:
> > so it was a missing emptyness check in the very core of ec signature 
> > verification,
> > affecting everything that uses that... most notably the tls handshake is the 
> > most
> > prominent example, but everything that does an ec verify operation is 
> > affected...
>
> CVE-2022-21449 appears to not affect OpenJDK 14 (what we currently
> use) according to
> https://openjdk.org/groups/vulnerability/advisories/2022-04-19. Can
> you confirm this?

unfortunately i cannot.. jdk14 was never intended to be an lts, that is, it 
never got an update
just until 15 was released... much like the 13 and 15... only 8, 9, 11, 17, 
19 and 20 are living
releases nowadays, and the last 2 will die soon... they're on a 2 release / 
year schedule now
and abandon the oldies as soon as the new arrives, except the lts...

regarding this cve. since versions are affected starting 7, imho it's safe to 
assume that 14
is also on the list but your link means it simply never got the fix....

btw, the whole point of me in this per package mentioning is that, i simply 
mentioned
the two bigs we heavily depend, and had severe issues...
but all the small projects had tons of fixes in the past 2 years...


mc36@nass:/nfs/own/web/freerouter$ 
/usr/lib/jvm/java-14-openjdk-amd64/bin/java -version
openjdk version "14.0.2" 2020-07-14
OpenJDK Runtime Environment (build 14.0.2+12-Debian-2)
OpenJDK 64-Bit Server VM (build 14.0.2+12-Debian-2, mixed mode, sharing)
mc36@nass:/nfs/own/web/freerouter$ 
/usr/lib/jvm/java-11-openjdk-amd64/bin/java -version
openjdk version "11.0.15" 2022-04-19
OpenJDK Runtime Environment (build 11.0.15+10-post-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.15+10-post-Debian-1, mixed mode, sharing)
mc36@nass:/nfs/own/web/freerouter$ 
/usr/lib/jvm/java-13-openjdk-amd64/bin/java -version
openjdk version "13.0.6" 2021-01-19
OpenJDK Runtime Environment (build 13.0.6+5-Debian-1)
OpenJDK 64-Bit Server VM (build 13.0.6+5-Debian-1, mixed mode)
mc36@nass:/nfs/own/web/freerouter$
mc36@nass:/nfs/own/web/freerouter$ ls -l /usr/lib/jvm/
total 72
lrwxrwxrwx  1 root root   25 Jul 17  2019 default-java -> 
java-1.11.0-openjdk-amd64
lrwxrwxrwx  1 root root   21 Jul 22  2020 java-1.11.0-openjdk-amd64 -> 
java-11-openjdk-amd64
lrwxrwxrwx  1 root root   21 Jul 17  2020 java-1.13.0-openjdk-amd64 -> 
java-13-openjdk-amd64
lrwxrwxrwx  1 root root   21 Jul 17  2020 java-1.14.0-openjdk-amd64 -> 
java-14-openjdk-amd64
lrwxrwxrwx  1 root root   21 Sep 16  2020 java-1.15.0-openjdk-amd64 -> 
java-15-openjdk-amd64
lrwxrwxrwx  1 root root   21 Jan  9  2021 java-1.16.0-openjdk-amd64 -> 
java-16-openjdk-amd64
lrwxrwxrwx  1 root root   21 Dec 28  2020 java-1.17.0-openjdk-amd64 -> 
java-17-openjdk-amd64
lrwxrwxrwx  1 root root   21 Aug 26  2021 java-1.18.0-openjdk-amd64 -> 
java-18-openjdk-amd64
lrwxrwxrwx  1 root root   21 May  3 18:32 java-1.19.0-openjdk-amd64 -> 
java-19-openjdk-amd64
drwxr-xr-x 10 root root 4096 May  3 19:36 java-11-openjdk-amd64
drwxr-xr-x 10 root root 4096 Jan 22  2021 java-13-openjdk-amd64
drwxr-xr-x 10 root root 4096 Dec 31  2020 java-14-openjdk-amd64
drwxr-xr-x 10 root root 4096 Apr 22  2021 java-15-openjdk-amd64
drwxr-xr-x 10 root root 4096 Aug 25  2021 java-16-openjdk-amd64
drwxr-xr-x 10 root root 4096 May  3 10:06 java-17-openjdk-amd64
lrwxrwxrwx  1 root root   20 Aug 13  2020 java-1.8.0-openjdk-amd64 -> 
java-8-openjdk-amd64
drwxr-xr-x 10 root root 4096 May  3 19:37 java-18-openjdk-amd64
drwxr-xr-x 10 root root 4096 Jul 18 13:08 java-19-openjdk-amd64
drwxr-xr-x  8 root root 4096 Jul 15 10:46 java-8-openjdk-amd64
drwxr-xr-x  3 root root 4096 May  3 19:35 openjdk-11
drwxr-xr-x  3 root root 4096 Jan 22  2021 openjdk-13
drwxr-xr-x  3 root root 4096 Dec 31  2020 openjdk-14
drwxr-xr-x  3 root root 4096 Apr 22  2021 openjdk-15
drwxr-xr-x  3 root root 4096 Aug 25  2021 openjdk-16
drwxr-xr-x  3 root root 4096 May  3 10:05 openjdk-17
drwxr-xr-x  3 root root 4096 May  3 19:36 openjdk-18
drwxr-xr-x  3 root root 4096 Jul 18 13:07 openjdk-19
drwxr-xr-x  2 root root 4096 Jul 15 10:50 openjdk-8
mc36@nass:/nfs/own/web/freerouter$