Hi,

I was in touch with Debian Security last week; they suggested an update to unstable first. I'm now working on packaging the dependencies for version 0.0.11 and shipping an update.

Thanks,

Ana

On 26/01/2022 07:00, intrigeri wrote:
Package: obfs4proxy
Version: 0.0.8-1+b6
Severity: important
Tags: security

Hi,

Please see
https://lists.torproject.org/pipermail/anti-censorship-team/2022-January/000213.html

tl;dr:

All existing versions prior to the migration to the new code […] are
fatally broken, and trivial to distinguish via some simple math.
Given obfs4proxy's explicit traffic obfuscation goal, this looks like
an important security issue to me.

(For those who might be wondering: whether/when this bug is fixed in
Debian does not impact Tails since we've switched to using the
obfs4proxy binary from the Tor Browser tarball.)

Thanks for maintaining obfs4proxy in Debian,
cheers!
