Michael Vogt

#26944 of 53,638
9.3 CVSS total
Vulnerabilities · 2
Medium · 2
PT-2012-2978
4.3
2012-12-26
Canonical · Aptdaemon · CVE-2012-0962
**Name of the Vulnerable Software and Affected Versions** Aptdaemon version 0.43 in Ubuntu versions 11.10 and 12.04 LTS

**Description** The issue allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. This is due to Aptdaemon using short IDs when importing PPA GPG keys from a keyserver.

**Recommendations** For Aptdaemon version 0.43 in Ubuntu versions 11.10 and 12.04 LTS, consider using a secure connection to import PPA GPG keys to minimize the risk of a man-in-the-middle attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2012-3827
5.0
2012-07-12
Gnome · Libsoup · CVE-2012-2132
**Name of the Vulnerable Software and Affected Versions** libsoup versions 2.32.2 and earlier

**Description** The issue allows remote attackers to bypass authentication by connecting with an SSL connection, as it does not validate certificates or clear the trust flag when the ssl-ca-file does not exist.

**Recommendations** For versions 2.32.2 and earlier, ensure the ssl-ca-file exists and is properly configured to validate certificates and maintain the trust flag. As a temporary workaround, consider disabling SSL connections until a proper fix is applied.