VYPR

Software Properties

by Ubuntu

CVEs (2)

  • CVE-2011-4407May 14, 2014
    risk 0.00cvss epss 0.01

    ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

  • CVE-2012-5356Oct 10, 2012
    risk 0.00cvss epss 0.02

    The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to…