diff -Nru unattended-upgrades-0.76ubuntu1/debian/changelog unattended-upgrades-0.76ubuntu1.1/debian/changelog --- unattended-upgrades-0.76ubuntu1/debian/changelog 2012-11-08 19:53:34.000000000 +0000 +++ unattended-upgrades-0.76ubuntu1.1/debian/changelog 2015-06-22 12:26:34.000000000 +0000 @@ -1,3 +1,11 @@ +unattended-upgrades (0.76ubuntu1.1) precise-security; urgency=medium + + * fix missing package authentication check for apt + configurations that force-{confold,confnew} (CVE-2015-1330) + LP: #1466380 + + -- Michael Vogt Fri, 19 Jun 2015 11:12:10 +0200 + unattended-upgrades (0.76ubuntu1) precise-proposed; urgency=low * unattended-upgrade: ignore md5sum "newconffile" (LP: #936870) diff -Nru unattended-upgrades-0.76ubuntu1/test/test_origin_pattern.py unattended-upgrades-0.76ubuntu1.1/test/test_origin_pattern.py --- unattended-upgrades-0.76ubuntu1/test/test_origin_pattern.py 2011-12-12 13:10:14.000000000 +0000 +++ unattended-upgrades-0.76ubuntu1.1/test/test_origin_pattern.py 2015-06-22 12:46:37.000000000 +0000 @@ -12,7 +12,7 @@ match_whitelist_string, check_changes_for_sanity, is_allowed_origin) class MockOrigin(): - pass + trusted = True class MockCandidate(): pass class MockPackage(): diff -Nru unattended-upgrades-0.76ubuntu1/test/unattended_upgrade.py unattended-upgrades-0.76ubuntu1.1/test/unattended_upgrade.py --- unattended-upgrades-0.76ubuntu1/test/unattended_upgrade.py 2012-11-08 19:52:23.000000000 +0000 +++ unattended-upgrades-0.76ubuntu1.1/test/unattended_upgrade.py 2015-06-22 12:26:34.000000000 +0000 
@@ -355,6 +355,11 @@
 logging.debug("pkg '%s' now marked delete" % pkg.name)
 return False
 if pkg.marked_install or pkg.marked_upgrade:
+ # apt will never fallback from a trusted to a untrusted
+ # origin so its good enough if we have a single trusted one
+ if not any([o.trusted for o in pkg.candidate.origins]):
+ logging.debug("pkg '%s' is untrusted" % pkg.name)
+ return False
 if not is_allowed_origin(pkg.candidate, allowed_origins):
 logging.debug("pkg '%s' not in allowed origin" % pkg.name)
 return False
diff -Nru unattended-upgrades-0.76ubuntu1/unattended-upgrade unattended-upgrades-0.76ubuntu1.1/unattended-upgrade
--- unattended-upgrades-0.76ubuntu1/unattended-upgrade 2012-11-08 19:52:23.000000000 +0000
+++ unattended-upgrades-0.76ubuntu1.1/unattended-upgrade 2015-06-22 12:26:34.000000000 +0000
@@ -355,6 +355,11 @@
 logging.debug("pkg '%s' now marked delete" % pkg.name)
 return False
 if pkg.marked_install or pkg.marked_upgrade:
+ # apt will never fallback from a trusted to a untrusted
+ # origin so its good enough if we have a single trusted one
+ if not any([o.trusted for o in pkg.candidate.origins]):
+ logging.debug("pkg '%s' is untrusted" % pkg.name)
+ return False
 if not is_allowed_origin(pkg.candidate, allowed_origins):
 logging.debug("pkg '%s' not in allowed origin" % pkg.name)
 return False
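Review bot: The new untrusted-candidate branch under `if pkg.marked_install or pkg.marked_upgrade:` reports the refusal only through `logging.debug`, so unless debug logging is enabled an unauthenticated package being held back leaves no trace for an operator. Since this is the authentication check the changelog ties to CVE-2015-1330, I would raise it to `logging.warning("pkg '%s' is untrusted" % pkg.name)`, in this hunk of `test/unattended_upgrade.py` and in the identical hunk of `unattended-upgrade`. The only test change on the page sets `trusted = True` on `MockOrigin` so the existing cases keep passing; a case where every origin of the candidate has `trusted = False` and the check returns False would pin the fix against regression. The enclosing function starts and ends outside both hunks.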