[anti-censorship-team] obfs4proxy-0.0.11 (2019-06-21) fixes active probing vulnerabilities
meskio
meskio at sindominio.net
Mon Jan 17 10:53:55 UTC 2022
Quoting David Fifield (2022-01-14 21:50:32)
> On Fri, Jan 14, 2022 at 12:17:57PM +0100, meskio wrote:
> > Quoting David Fifield (2022-01-14 03:27:09)
> > > The upstream obfs4 repository has a fix to the Elligator2 public key
> > > representative leak (https://github.com/agl/ed25519/issues/27).
> >
> > I started the conversation with the maintainers in debian to update the package:
> > https://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/2022/003823.html
>
> Thanks, meskio. It was also brought to my attention that Debian's latest
> version of obfs4proxy is 0.0.8, which does not have the necessary active
> probing mitigations that we released in 0.0.11. This should also be
> treated as a security issue.
> https://packages.debian.org/search?keywords=obfs4proxy
Thanks for the info. I'll talk with the packagers about that. They mention
having a problem with the fork of uTLS and it's license to be able to update the
package. But let's see if is this can be solved somehow.
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/anti-censorship-team/attachments/20220117/451950da/attachment.sig>
More information about the anti-censorship-team
mailing list