Ubuntu Security Notice 2566-1 - Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.
6cf9f3e41298a6212ac8a4bcd8c602d537ac9410e0524b541502765d10e1b336
Debian Linux Security Advisory 3217-1 - Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw affects only the extraction of local Debian source packages via dpkg-source, not the installation of packages from the Debian archive.
66567458b5c55f0422e2fb70b36cadea666fe817ca19700b553c62b88cca0cbf