Candidate: CVE-2012-5356
PublicDate: 2012-10-10 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5356
 https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643
 http://xforce.iss.net/xforce/xfdb/78990
 https://ubuntu.com/security/notices/USN-1588-1
Description:
 The apt-add-repository tool in Ubuntu Software Properties 0.75.x before
 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before
 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys
 imported from a keyserver, which allows remote attackers to install
 arbitrary package repository GPG keys via a man-in-the-middle (MITM)
 attack.
Ubuntu-Description:
Notes:
Bugs:
 https://launchpad.net/bugs/1016643
Priority: medium
Discovered-by: Marc Deslauriers
Assigned-to: mdeslaur
CVSS: 

Patches_software-properties:
upstream_software-properties: needs-triage
hardy_software-properties: ignored (reached end-of-life)
lucid_software-properties: released (0.75.10.3)
natty_software-properties: released (0.80.9.2)
oneiric_software-properties: released (0.81.13.5)
precise_software-properties: released (0.82.7.3)
devel_software-properties: not-affected (0.92.8)