by bertman 1516 days ago
The fix for OpenJDK (authored on Jan. 4th 22):

https://github.com/openjdk/jdk/blob/e2f8ce9c3ff4518e070960ba...

3 comments

with commit message “Improve ECDSA signature support” :D
I'm guessing the commit message is obscured to give people more time to update before it's exploited in the wild.
Why are there no tests?
I spot no test or comment in the code on why this assertion is important.
It's literally what the whole bug is about. From OP's article:

>This is why the very first check in the ECDSA verification algorithm is to ensure that r and s are both >= 1. Guess which check Java forgot?

Yes, I just think it’s insane they fixed it without adding a test or comment.
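
A regression test of the kind the last comments ask for, as an added example that is not part of the thread or of the OpenJDK commit: it feeds the JDK's ECDSA verifier signatures whose r or s is below 1 and fails if any is accepted. The class name `EcdsaRangeCheckTest`, the helpers `accepts` and `p1363`, the choice of P-256 and the test message are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class EcdsaRangeCheckTest {
    // True if the JDK's verifier accepts sig over msg; an exception counts as rejection.
    static boolean accepts(String alg, PublicKey pub, byte[] msg, byte[] sig) throws Exception {
        Signature v = Signature.getInstance(alg);
        v.initVerify(pub);
        v.update(msg);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false;
        }
    }

    // Raw r||s encoding (IEEE P1363) for P-256: two 32-byte big-endian integers.
    static byte[] p1363(int r, int s) {
        byte[] out = new byte[64];
        out[31] = (byte) r;
        out[63] = (byte) s;
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);

        // Control: a genuine signature must still verify.
        Signature signer = Signature.getInstance("SHA256withECDSAinP1363Format");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        if (!accepts("SHA256withECDSAinP1363Format", kp.getPublic(), msg, signer.sign()))
            throw new AssertionError("valid signature rejected");

        // Constructed out-of-range values: r and/or s below 1.
        int[][] bad = {{0, 0}, {0, 1}, {1, 0}};
        for (int[] rs : bad) {
            // ASN.1 DER: SEQUENCE { INTEGER r, INTEGER s }
            byte[] der = {0x30, 0x06, 0x02, 0x01, (byte) rs[0], 0x02, 0x01, (byte) rs[1]};
            if (accepts("SHA256withECDSAinP1363Format", kp.getPublic(), msg, p1363(rs[0], rs[1]))
                    || accepts("SHA256withECDSA", kp.getPublic(), msg, der))
                throw new AssertionError("accepted r=" + rs[0] + ", s=" + rs[1]);
        }
        System.out.println("all out-of-range signatures rejected");
    }
}
```

Run it with the JDK you actually deploy (`java EcdsaRangeCheckTest.java`); an `AssertionError` naming an r/s pair means that runtime's verifier is missing the range check.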