Launchpad.net

CVE 2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

See the CVE page on Mitre.org for more details.