Ubuntu Security Notice 3156-1 - Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
b7eb80c0b70482b71b386b58b45e73716f7e3508503ad770ba34c88879d48914
apt suffers from a repository signing bypass via memory allocation failure.
c29167700d9cf86ba6d903c347e03b32af971e7cb4e71b156fcea3249a80e545