Hi, On Mon, Jul 04, 2022 at 07:36:12PM +0100, Adam D. Barratt wrote: > Control: retitle -1 RM: obfs4proxy -- RoM; security issues > Control: tags -1 + moreinfo > > On Sat, 2022-03-26 at 21:21 +0100, Paul Gevers wrote: > > Control: tag -1 bullseye > > > > Hi Ana, > > > > On 23-03-2022 13:13, Ana Custura wrote: > > > Opening this bug after a recomendation from debian-security. > > > Version 0.0.8 of obfs4proxy has a security bug, which has only been > > > fixed in a later > > > version (0.0.13, see bug number #1004374), and also suffers from > > > incompatibilty issues > > > with later versions of the package. Version 0.0.13 is already in > > > bullseye-backports. > > > > So this want's removal from bullseye, setting the right tag to have > > it on the radar of the SRM. > > obfs4proxy has a reverse-dependency in bullseye: > > Checking reverse dependencies... > # Broken Depends: > onionshare: onionshare > > Dependency problem found.
This remains unresolved - obfs4proxy cannot be removed while onionshare depends on it. Security team - is removal your recommendation? How can the dependency be resolved? Thanks, -- Jonathan Wiltshire [email protected] Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
