No authentication check if DPkg::Options::", "--force-confold" is set in apt conf

This is CVE-2015-1330

CRD is 2015-06-29 17:00:00 UTC

These debdiffs FTBFS from new test suite failures:

======================================================================
ERROR: test_blacklist (__main__.TestOriginPatern)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test_origin_pattern.py", line 115, in test_blacklist
    check_changes_for_sanity(cache, allowed_origins, blacklist, [".*"]))
  File "/«PKGBUILDDIR»/test/unattended_upgrade.py", line 532, in check_changes_for_sanity
    if not any([o.trusted for o in pkg.candidate.origins]):
  File "/«PKGBUILDDIR»/test/unattended_upgrade.py", line 532, in <listcomp>
    if not any([o.trusted for o in pkg.candidate.origins]):
AttributeError: 'MockOrigin' object has no attribute 'trusted'

======================================================================
ERROR: test_whitelist_with_strict_whitelisting (__main__.TestOriginPatern)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test_origin_pattern.py", line 135, in test_whitelist_with_strict_whitelisting
    check_changes_for_sanity(cache, allowed_origins, [], whitelist))
  File "/«PKGBUILDDIR»/test/unattended_upgrade.py", line 532, in check_changes_for_sanity
    if not any([o.trusted for o in pkg.candidate.origins]):
  File "/«PKGBUILDDIR»/test/unattended_upgrade.py", line 532, in <listcomp>
    if not any([o.trusted for o in pkg.candidate.origins]):
AttributeError: 'MockOrigin' object has no attribute 'trusted'

Test cases fixed with:

diff -Nru unattended-upgrades-0.83.6/test/test_origin_pattern.py unattended-upgrades-0.83.6ubuntu1/test/test_origin_pattern.py
--- unattended-upgrades-0.83.6/test/test_origin_pattern.py 2015-03-05 11:36:33.000000000 -0500
+++ unattended-upgrades-0.83.6ubuntu1/test/test_origin_pattern.py 2015-06-22 08:45:40.000000000 -0400
@@ -15,7 +15,7 @@

 class MockOrigin():
- pass
+ trusted = True

 class MockCandidate():

Thanks Marc! Sorry for the missing line in the test. The one I send by mail had it but it seems like I forgot to add the updated version here. My apologizes.

This bug was fixed in the package unattended-upgrades - 0.82.1ubuntu2.3

---------------
unattended-upgrades (0.82.1ubuntu2.3) trusty-security; urgency=medium

  * fix missing package authentication check for apt
     configurations that force-{confold,confnew} (CVE-2015-1330)
     LP: #1466380

 -- Michael Vogt <email address hidden> Fri, 19 Jun 2015 11:32:36 +0200

This bug was fixed in the package unattended-upgrades - 0.82.8ubuntu0.3

---------------
unattended-upgrades (0.82.8ubuntu0.3) utopic-security; urgency=medium

  * fix missing package authentication check for apt
     configurations that force-{confold,confnew} (CVE-2015-1330)
     LP: #1466380

 -- Michael Vogt <email address hidden> Fri, 19 Jun 2015 11:38:24 +0200

This bug was fixed in the package unattended-upgrades - 0.76ubuntu1.1

---------------
unattended-upgrades (0.76ubuntu1.1) precise-security; urgency=medium

  * fix missing package authentication check for apt
     configurations that force-{confold,confnew} (CVE-2015-1330)
     LP: #1466380

 -- Michael Vogt <email address hidden> Fri, 19 Jun 2015 11:12:10 +0200

This bug was fixed in the package unattended-upgrades - 0.83.6ubuntu1

---------------
unattended-upgrades (0.83.6ubuntu1) vivid-security; urgency=medium

  * fix missing package authentication check for apt
    configurations that force-{confold,confnew} (CVE-2015-1330)
    LP: #1466380

 -- Michael Vogt <email address hidden> Fri, 19 Jun 2015 15:00:24 +0200

This bug was fixed in the package unattended-upgrades - 0.86.1

---------------
unattended-upgrades (0.86.1) unstable; urgency=medium

  * fix missing package authentication check for apt
     configurations that force-{confold,confnew} (CVE-2015-1330)
     LP: #1466380

 -- Michael Vogt <email address hidden> Mon, 29 Jun 2015 19:28:06 +0200