Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.
183ef2617b0a2f81a817f8d952b2f5914ae4f2bdd3b732df89c57cdf0124b7dd
Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
8bddca56dbb4a79bec4c879b8ff74ac63d10d8587c17c8bd9ba9567aefc29c61
Ubuntu Security Notice 4247-2 - USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. Various other issues were also addressed.
c5c90b310d7f5f0416773ced5efb38ab57d54948ec0f54e9541ce80aac0c7b0f
Ubuntu Security Notice 4247-1 - It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations.
402fb2d1cf0e095a11a20ae7a60a1b22d65ad8b15259576de22ffc2b62eddc30