CVE 2011-4407
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
Related bugs and status
CVE-2011-4407 (Candidate) is related to these bugs:
Bug #502698: 'urlopen error' using add-apt-repository
Bug | Summary | In | Importance | Status
---|---|---|---|---
502698 | 'urlopen error' using add-apt-repository | software-properties (Ubuntu) | Low | Fix Released
Bug #620098: Manual page for 'add-apt-repository' is not accessible via the name 'apt-add-repository'
Bug | Summary | In | Importance | Status
---|---|---|---|---
620098 | Manual page for 'add-apt-repository' is not accessible via the name 'apt-add-repository' | software-properties (Ubuntu) | Low | Fix Released
Bug #652523: Revert and Remove have duplicate keyboard accelerators in Sources->Other Software tab
Bug | Summary | In | Importance | Status
---|---|---|---|---
652523 | Revert and Remove have duplicate keyboard accelerators in Sources->Other Software tab | software-properties (Ubuntu) | Low | Fix Released
Bug #854841: add-apt-repository will write duplicate entries to /etc/apt/sources.list
Bug | Summary | In | Importance | Status
---|---|---|---|---
854841 | add-apt-repository will write duplicate entries to /etc/apt/sources.list | software-properties (Ubuntu) | Low | Fix Released
Bug #888417: adding ppa in software sources does not retrieve pgp key
Bug | Summary | In | Importance | Status
---|---|---|---|---
888417 | adding ppa in software sources does not retrieve pgp key | software-properties (Ubuntu) | Undecided | Fix Released
888417 | adding ppa in software sources does not retrieve pgp key | One Hundred Papercuts | Medium | Fix Released
888417 | adding ppa in software sources does not retrieve pgp key | software-properties (Ubuntu Oneiric) | Undecided | Won't Fix
888417 | adding ppa in software sources does not retrieve pgp key | software-properties (Ubuntu Precise) | Undecided | Fix Released
Bug #912557: Spacing between checkboxes in "Ubuntu Software" tab increases when window height is increased
Bug | Summary | In | Importance | Status
---|---|---|---|---
912557 | Spacing between checkboxes in "Ubuntu Software" tab increases when window height is increased | software-properties (Ubuntu) | Low | Fix Released
Bug #915210: apt-add-repository does not perform ssl verification where it *needs* to
Bug | Summary | In | Importance | Status
---|---|---|---|---
915210 | apt-add-repository does not perform ssl verification where it *needs* to | software-properties (Ubuntu) | High | Fix Released
915210 | apt-add-repository does not perform ssl verification where it *needs* to | software-properties (Ubuntu Lucid) | High | Fix Released
915210 | apt-add-repository does not perform ssl verification where it *needs* to | software-properties (Ubuntu Maverick) | High | Fix Released
915210 | apt-add-repository does not perform ssl verification where it *needs* to | software-properties (Ubuntu Natty) | High | Fix Released
915210 | apt-add-repository does not perform ssl verification where it *needs* to | software-properties (Ubuntu Precise) | High | Fix Released
915210 | apt-add-repository does not perform ssl verification where it *needs* to | software-properties (Ubuntu Oneiric) | High | Fix Released
Bug #1036839: Quantal software-properties incorrectly validating ssl certs
Bug | Summary | In | Importance | Status
---|---|---|---|---
1036839 | Quantal software-properties incorrectly validating ssl certs | software-properties (Ubuntu) | High | Fix Released
See the CVE page on Mitre.org for more details.