Quoting David Fifield (2022-01-14 03:27:09)
The upstream obfs4 repository has a fix to the Elligator2 public key representative leak (https://github.com/agl/ed25519/issues/27).
I started the conversation with the maintainers in debian to update the package: https://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/2022/00382...