AI Score
Confidence
Low
EPSS
Percentile
32.1%
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
www.ubuntu.com/usn/USN-1352-1
bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210