CVE-2015-1337 Information

Description

Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Reference

http://www.ubuntu.com/usn/USN-2746-1 http://www.ubuntu.com/usn/USN-2746-2 https://bugs.launchpad.net/ubuntu/2Bsource/simplestreams/2Bbug/1487004