Debian Security Advisory 1394-1 - It was discovered that reprepro, a tool to create a repository of Debian packages, when updating from a remote site only checks for the validity of known signatures, and thus does not reject packages with only unknown signatures. This allows an attacker to bypass this authentication mechanism.
60d23da1e2015da9d936912af37e55c48e760f1a5371475dfeb7547a34be9d34