[anti-censorship-team] obfs4proxy-0.0.11 (2019-06-21) fixes active probing vulnerabilities

meskio meskio at sindominio.net
Mon Jan 17 10:53:55 UTC 2022

Quoting David Fifield (2022-01-14 21:50:32)
> On Fri, Jan 14, 2022 at 12:17:57PM +0100, meskio wrote:
> > Quoting David Fifield (2022-01-14 03:27:09)
> > > The upstream obfs4 repository has a fix to the Elligator2 public key
> > > representative leak (https://github.com/agl/ed25519/issues/27).
> > 
> > I started the conversation with the maintainers in debian to update the package:
> > https://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/2022/003823.html
> Thanks, meskio. It was also brought to my attention that Debian's latest
> version of obfs4proxy is 0.0.8, which does not have the necessary active
> probing mitigations that we released in 0.0.11. This should also be
> treated as a security issue.
> https://packages.debian.org/search?keywords=obfs4proxy

Thanks for the info. I'll talk with the packagers about that. They mention 
having a problem with the fork of uTLS and it's license to be able to update the 
package. But let's see if is this can be solved somehow.

meskio | https://meskio.net/
 My contact info: https://meskio.net/crypto.txt
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/anti-censorship-team/attachments/20220117/451950da/attachment.sig>

More information about the anti-censorship-team mailing list