← Back

CVE-2007-4739

nvd nist
Published: Sep 6, 2007Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.

Affected (8)

Products: Debian: Reprepro
Debian
1 product
Reprepro
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Reprepro
Version 1.3.0
Reprepro
Version 1.3.1
Reprepro
Version 2.0.0
Reprepro
Version 2.1.0
Reprepro
Version 2.2.0
Reprepro
Version 2.2.1
Reprepro
Version 2.2.2
Reprepro
Version 2.2.3

Related CWEs

CWE-264
CWE-264

References (16)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.