CVE-2007-4739
First published: Thu Sep 06 2007(Updated: )
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Reprepro | =2.2.0 | |
| Debian Reprepro | =2.2.3 | |
| Debian Reprepro | =1.3.0 | |
| Debian Reprepro | =2.1.0 | |
| Debian Reprepro | =1.3.1 | |
| Debian Reprepro | =2.2.1 | |
| Debian Reprepro | =2.2.2 | |
| Debian Reprepro | =2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=interdiff;att=1;bug=440535
- http://alioth.debian.org/frs/shownotes.php?release_id=1031
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440535
- http://secunia.com/advisories/26678
- http://www.debian.org/security/2007/dsa-1394
- http://www.securityfocus.com/bid/25537
- http://secunia.com/advisories/27334
- http://osvdb.org/40172
- http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5%3Bfilename=interdiff%3Batt=1%3Bbug=440535
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/debian
- canonical/debian reprepro
- version/debian reprepro/2.2.0
- version/debian reprepro/2.2.3
- version/debian reprepro/1.3.0
- version/debian reprepro/2.1.0
- version/debian reprepro/1.3.1
- version/debian reprepro/2.2.1
- version/debian reprepro/2.2.2
- version/debian reprepro/2.0.0