DescriptionThe apt-add-repository tool in Ubuntu Software Properties 0.75.x before, 0.80.x before, 0.81.x before, 0.82.x before, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)


NOT-FOR-US: apt-add-repository

Search for package or bug name: Reporting problems