PackageKit incorrectly handled local deb packages. A local user could possibly use this issue to install untrusted packages, contrary to expectations. References: https://packetstormsecurity.com/files/159284/USN-4538-1.txt
Created PackageKit tracking bugs for this issue: Affects: fedora-all [bug 1884563]
External References: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
Statement: PackageKit as shipped with Red Hat Enterprise Linux 6, 7, and 8 is not affected by this flaw because it uses a different backend, and the flaw is specific to the aptcc backend used for debian-based systems.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16122