Man in the Middle flaw with all versions of APT on Debian
IRJ last edited by IRJ
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Note: This does not affect Ubuntu just certain downstream versions of Debian. Ubuntu uses a separate package manager. You can read the email thread about it here