Package: obfs4proxy Version: 0.0.8-1+b6 Severity: important Tags: security Hi,
Please see https://lists.torproject.org/pipermail/anti-censorship-team/2022-January/000213.html tl;dr: > All existing versions prior to the migration to the new code […] are > fatally broken, and trivial to distinguish via some simple math. Given obfs4proxy's explicit traffic obfuscation goal, this looks like an important security issue to me. (For those who might be wondering: whether/when this bug is fixed in Debian does not impact Tails since we've switched to using the obfs4proxy binary from the Tor Browser tarball.) Thanks for maintaining obfs4proxy in Debian, cheers!
