Ubuntu Security Notice 1352-1 - David Black discovered that Software Properties incorrectly validated server certificates when performing secure connections to download PPA GPG key fingerprints. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
ed4e02dba7b4a08925de4b916cb45352996ce6f53e0a2176dab04447951d5aec