Man in the Middle flaw with all versions of APT on Debian
-
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
https://nvd.nist.gov/vuln/detail/CVE-2011-3374
Note: This does not affect Ubuntu just certain downstream versions of Debian. Ubuntu uses a separate package manager. You can read the email thread about it here