2 matches found
CVE-2012-0955
CVE-2012-0955 affects the Ubuntu software-properties component, where TLS certificate validation was incorrect in softwareproperties/ppa.py. It did not consistently validate TLS certificates under Python 2 and only validated under Python 3 if a valid bundle was provided. This led to potential MIT...
CVE-2011-4407
The CVE-2011-4407 issue affects ppa.py in Software Properties prior to version 0.81.13.3, which does not validate the server certificate when downloading PPA GPG key fingerprints. This MITM vulnerability could allow an attacker to spoof GPG keys for a package repository, potentially compromising ...