[Pkg-privacy-maintainers] Fwd: [anti-censorship-team] obfs4proxy-0.0.12 (2021-12-31) fixes the Elligator2 bug
Georg Faerber
georg at debian.org
Fri Jan 14 11:27:10 GMT 2022
Hi meskio,
Thanks for reaching out.
On 22-01-14 12:14:07, meskio wrote:
> There has being a security issue discovered in obfs4proxy, see details
> on the forwarded email. What will be the process to update the
> package? Can we update it in stable as a security update? Can I help
> somehow with the process?
Was there a CVE assigned, yet?
In any case: Please reach out to security at debian.org and ask them for an
assessment. They need to make the call how this should be fixed, either
via a security update or a stable update.
Regardless of the way to go, fixing this needs (probably, potentially) a
'targeted fix' only addressing this issue. Debian bullseye aka stable
ships 0.0.8-1 currently.
Further, this should be fixed in both unstable and testing via an upload
targeting unstable. Also, this might be a requirement to handle the fix
targeting stable as well.
Thank you,
cheers,
Georg
More information about the Pkg-privacy-maintainers
mailing list