CVE-2007-4739

NONECVSS 0.0

0.0

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.

🔗 References (16)

cve@mitrehttp://alioth.debian.org/frs/shownotes.php?release_id=1031
cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440535
cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5%3Bfilename=interdiff%3Batt=1%3Bbug=440535
cve@mitrehttp://osvdb.org/40172
cve@mitrehttp://secunia.com/advisories/26678
cve@mitrehttp://secunia.com/advisories/27334
cve@mitrehttp://www.debian.org/security/2007/dsa-1394
cve@mitrehttp://www.securityfocus.com/bid/25537
af854a3a-2127-422b-91ae-364da2661108http://alioth.debian.org/frs/shownotes.php?release_id=1031
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440535
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5%3Bfilename=interdiff%3Batt=1%3Bbug=440535
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/40172
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26678
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27334
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1394

Is Your Infrastructure Affected by CVE-2007-4739?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4739

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4739?