2 matches found
Debian Security Advisory DSA 1394-1 (reprepro)
The remote host is missing an update to reprepro announced via advisory DSA 1394-1. OpenVAS Vulnerability Test $Id: deb13941.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1394-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian DSA-1394-1 : reprepro - authentication bypass
It was discovered that reprepro, a tool to create a repository of Debian packages, only checks the validity of known signatures when updating from a remote site, and thus does not reject packages with only unknown signatures. This allows an attacker to bypass this authentication mechanism. The...