[anti-censorship-team] obfs4proxy-0.0.11 (2019-06-21) fixes active probing vulnerabilities

David Fifield david at bamsoftware.com
Fri Jan 14 20:50:32 UTC 2022

On Fri, Jan 14, 2022 at 12:17:57PM +0100, meskio wrote:
> Quoting David Fifield (2022-01-14 03:27:09)
> > The upstream obfs4 repository has a fix to the Elligator2 public key
> > representative leak (https://github.com/agl/ed25519/issues/27).
> I started the conversation with the maintainers in debian to update the package:
> https://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/2022/003823.html

Thanks, meskio. It was also brought to my attention that Debian's latest
version of obfs4proxy is 0.0.8, which does not have the necessary active
probing mitigations that we released in 0.0.11. This should also be
treated as a security issue.


More information about the anti-censorship-team mailing list