1 matches found
Code injection
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...