CVE-2011-4407 Information

Description

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

Reference

http://www.ubuntu.com/usn/USN-1352-1 https://bugs.launchpad.net/ubuntu/2Bsource/software-properties/2Bbug/915210