[anti-censorship-team] obfs4proxy-0.0.11 (2019-06-21) fixes active probing vulnerabilities
David Fifield
david at bamsoftware.com
Fri Jan 14 20:50:32 UTC 2022
On Fri, Jan 14, 2022 at 12:17:57PM +0100, meskio wrote:
> Quoting David Fifield (2022-01-14 03:27:09)
> > The upstream obfs4 repository has a fix to the Elligator2 public key
> > representative leak (https://github.com/agl/ed25519/issues/27).
>
> I started the conversation with the maintainers in Debian to update the package:
> https://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/2022/003823.html

Thanks, meskio. It was also brought to my attention that Debian's latest
version of obfs4proxy is 0.0.8, which does not have the necessary active
probing mitigations that we released in 0.0.11. This should also be
treated as a security issue.

https://packages.debian.org/search?keywords=obfs4proxy
https://gitlab.com/yawning/obfs4/-/commit/1a6129b66ff3e66c347b54fbae203c1c61d12d74
https://censorbib.nymity.ch/#Frolov2020a
https://github.com/net4people/bbs/issues/26