5 matches found
Debian Security Advisory DSA 1394-1 (reprepro)
The remote host is missing an update to reprepro announced via advisory DSA 1394-1. OpenVAS Vulnerability Test $Id: deb13941.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1394-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian: Security Advisory (DSA-1394-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DSA-1394-1 : reprepro - authentication bypass
It was discovered that reprepro, a tool to create a repository of Debian packages, only checks the validity of known signatures when updating from a remote site, and thus does not reject packages with only unknown signatures. This allows an attacker to bypass this authentication mechanism. The...
CVE-2007-4739
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...
CVE-2007-4739
CVE-2007-4739 affects reprepro versions 1.3.0 through 2.2.3, where repository updates do not adequately verify signatures: it only validates known signatures and may accept unsigned/unknown signatures, allowing remote attackers to craft a seemingly valid Release.gpg file. The issue enables an aut...