PublicDate: 2007-09-06 19:17:00 UTC
Candidate: CVE-2007-4739
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4739
Description:
 reprepro 1.3.0 through 2.2.3 does not properly verify signatures when
 updating repositories, which allows remote attackers to construct and
 distribute an ostensibly valid Release.gpg file by signing it with an
 unknown key, related to the update command.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_reprepro: ignored (reached end-of-life)
edgy_reprepro: needed (reached end-of-life)
feisty_reprepro: needed (reached end-of-life)
gutsy_reprepro: released (2.2.4-1)
hardy_reprepro: released (2.2.4-1)
intrepid_reprepro: released (2.2.4-1)
jaunty_reprepro: released (2.2.4-1)
karmic_reprepro: released (2.2.4-1)
devel_reprepro: released (2.2.4-1)
upstream_reprepro: needs-triage