[Pkg-privacy-maintainers] Fwd: [anti-censorship-team] obfs4proxy-0.0.12 (2021-12-31) fixes the Elligator2 bug
Ana C. Custura
ana at netstat.org.uk
Fri Jan 14 12:03:27 GMT 2022
Hi,
Just a note to say I'm in touch with meskio and looking at this.
Cheers,
Ana
On Fri, Jan 14, 2022, at 11:27 AM, Georg Faerber wrote:
> Hi meskio,
>
> Thanks for reaching out.
>
> On 22-01-14 12:14:07, meskio wrote:
>> There has being a security issue discovered in obfs4proxy, see details
>> on the forwarded email. What will be the process to update the
>> package? Can we update it in stable as a security update? Can I help
>> somehow with the process?
>
> Was there a CVE assigned, yet?
>
> In any case: Please reach out to security at debian.org and ask them for an
> assessment. They need to make the call how this should be fixed, either
> via a security update or a stable update.
>
> Regardless of the way to go, fixing this needs (probably, potentially) a
> 'targeted fix' only addressing this issue. Debian bullseye aka stable
> ships 0.0.8-1 currently.
>
> Further, this should be fixed in both unstable and testing via an upload
> targeting unstable. Also, this might be a requirement to handle the fix
> targeting stable as well.
>
> Thank you,
> cheers,
> Georg
>
> _______________________________________________
> Pkg-privacy-maintainers mailing list
> Pkg-privacy-maintainers at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-privacy-maintainers
More information about the Pkg-privacy-maintainers
mailing list