CVE-2007-4739
CVE-2007-4739 affects reprepro versions 1.3.0 through 2.2.3, where repository updates do not adequately verify signatures: it only validates known signatures and may accept unsigned/unknown signatures, allowing remote attackers to craft a seemingly valid Release.gpg file. The issue enables an aut...