First published: Thu Sep 06 2007
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Reprepro | =2.2.0 | |
Debian Reprepro | =2.2.3 | |
Debian Reprepro | =1.3.0 | |
Debian Reprepro | =2.1.0 | |
Debian Reprepro | =1.3.1 | |
Debian Reprepro | =2.2.1 | |
Debian Reprepro | =2.2.2 | |
Debian Reprepro | =2.0.0 | |