[Pkg-privacy-maintainers] Fwd: [anti-censorship-team] obfs4proxy-0.0.12 (2021-12-31) fixes the Elligator2 bug

Fri Jan 14 14:19:14 GMT 2022

Please email security at debian.org to get started. We'd ideally need a
CVE, but we can live with only a bug report on the package, or just that
mail.

We can definitely update in stable, just need to setup a security
update:

https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#bug-security

HTH

a.

On 2022-01-14 12:14:07, meskio at sindominio.net wrote:
> Hello,
>
> There has being a security issue discovered in obfs4proxy, see details on the 
> forwarded email. What will be the process to update the package? Can we update 
> it in stable as a security update? Can I help somehow with the process?
>
> Thank you.
>
> Forwarded message from David Fifield (2022-01-14 03:27:09):
>> The upstream obfs4 repository has a fix to the Elligator2 public key
>> representative leak (https://github.com/agl/ed25519/issues/27).
>> 
>> https://gitlab.com/yawning/obfs4/-/commit/393aca86cc3b1a5263018c10f87ece09ac3fd5ed
>> 
>>         All releases prior to this commit are trivially distinguishable
>>         with simple math, so upgrading is strongly recommended. The
>>         upgrade is fully backward-compatible with existing
>>         implementations, however the non-upgraded side will emit traffic
>>         that is trivially distinguishable from random.
>> 
>> The file internal/README.md elaborates:
>> 
>>         All existing versions prior to the migration to the new code
>>         (anything that uses agl's code) are fatally broken, and trivial
>>         to distinguish via some simple math. For more details see Loup
>>         Vaillant's writings on the subject. Any bugs in the
>>         implementation are mine, and not his.
>> 
>>         Representatives created by this implementation will correctly be
>>         decoded by existing implementations. Public keys created by this
>>         implementation be it via the modified scalar basepoint multiply
>>         or via decoding a representative will be somewhat non-standard,
>>         but will interoperate with a standard X25519 scalar-multiply.
>> 
>>         As the obfs4 handshake does not include the decoded
>>         representative in any of it's authenticated handshake digest
>>         calculations, this change is fully-backward compatible (though
>>         the non-upgraded side of the connection will still be trivially
>>         distinguishable from random).
>> _______________________________________________
>> anti-censorship-team mailing list
>> anti-censorship-team at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/anti-censorship-team
>
> -- 
> meskio | https://meskio.net/
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>  My contact info: https://meskio.net/crypto.txt
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Nos vamos a Croatan.
> _______________________________________________
> Pkg-privacy-maintainers mailing list
> Pkg-privacy-maintainers at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-privacy-maintainers

-- 
À force de ne jamais réfléchir, on a un bonheur stupide
                        - Jean Cocteau