Rare project developers

[Alexander Gall <>]

On Fri, 22 Jul 2022 14:37:00 +0200, mc36 <> said:

> On 7/22/22 14:21, Alexander Gall wrote:
>> 
>>> so it was a missing emptyness check in the very core of ec signature 
>>> verification,
>>> affecting everything that uses that... most notably the tls handshake is 
>>> the most
>>> prominent example, but everything that does an ec verify operation is 
>>> affected...
>> 
>> CVE-2022-21449 appears to not affect OpenJDK 14 (what we currently
>> use) according to
>> https://openjdk.org/groups/vulnerability/advisories/2022-04-19. Can
>> you confirm this?
>> 

> unfortunately i cannot.. jdk14 was never intended to be an lts, that is, it 
> never got an update

Yeah, but the bug only appeared in 15, so can't be in 14, right?
Anyway, I'm making you an offer in another part of this thread.

-- 
Alex