CVE-2015-1337
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
Date published : 2015-10-09
https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004