[Pkg-privacy-maintainers] Bug#1008164: RM: obfs4proxy/0.0.8-1
Adam D. Barratt
adam at adam-barratt.org.uk
Mon Aug 12 21:38:21 BST 2024
Re-ping, given that we're less than three weeks from the final bullseye
point release.
Regards,
Adam
On Mon, 2024-07-08 at 19:24 +0100, Jonathan Wiltshire wrote:
> Hi,
>
> Ping on this? Adding the maintenance list as well.
>
> Thanks.
>
> On Sat, Aug 05, 2023 at 11:05:52PM +0200, Moritz Mühlenhoff wrote:
> > Am Mon, Jul 31, 2023 at 08:05:29AM +0100 schrieb Jonathan
> > Wiltshire:
> > > Hi,
> > >
> > > On Mon, Jul 04, 2022 at 07:36:12PM +0100, Adam D. Barratt wrote:
> > > > Control: retitle -1 RM: obfs4proxy -- RoM; security issues
> > > > Control: tags -1 + moreinfo
> > > >
> > > > On Sat, 2022-03-26 at 21:21 +0100, Paul Gevers wrote:
> > > > > Control: tag -1 bullseye
> > > > >
> > > > > Hi Ana,
> > > > >
> > > > > On 23-03-2022 13:13, Ana Custura wrote:
> > > > > > Opening this bug after a recomendation from debian-
> > > > > > security.
> > > > > > Version 0.0.8 of obfs4proxy has a security bug, which has
> > > > > > only been
> > > > > > fixed in a later
> > > > > > version (0.0.13, see bug number #1004374), and also suffers
> > > > > > from
> > > > > > incompatibilty issues
> > > > > > with later versions of the package. Version 0.0.13 is
> > > > > > already in
> > > > > > bullseye-backports.
> > > > >
> > > > > So this want's removal from bullseye, setting the right tag
> > > > > to have
> > > > > it on the radar of the SRM.
> > > >
> > > > obfs4proxy has a reverse-dependency in bullseye:
> > > >
> > > > Checking reverse dependencies...
> > > > # Broken Depends:
> > > > onionshare: onionshare
> > > >
> > > > Dependency problem found.
> > >
> > > This remains unresolved - obfs4proxy cannot be removed while
> > > onionshare
> > > depends on it. Security team - is removal your recommendation?
> > > How can the
> > > dependency be resolved?
> >
> > Let's add the onionshare maintainer to CC.
> >
> > In #1004375 onionshare demoted the dependency on obfs4proxy to a
> > Recommends,
> > can we apply the same to onionshare 2.2 from Bullseye?
> >
> > Cheers,
> > Moritz
>
More information about the Pkg-privacy-maintainers
mailing list