5

CVE-2007-4739

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianReprepro Version1.3.0
DebianReprepro Version1.3.1
DebianReprepro Version2.0.0
DebianReprepro Version2.1.0
DebianReprepro Version2.2.0
DebianReprepro Version2.2.1
DebianReprepro Version2.2.2
DebianReprepro Version2.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.52% 0.712
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://alioth.debian.org/frs/shownotes.php?release_id=1031
Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440535
Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5%3Bfilename=interdiff%3Batt=1%3Bbug=440535
http://osvdb.org/40172
http://secunia.com/advisories/26678
Patch
Vendor Advisory
http://secunia.com/advisories/27334
http://www.debian.org/security/2007/dsa-1394
http://www.securityfocus.com/bid/25537