This is sort of overblown. The vulnerability is in libcurl, not apt. It only applies to people (and CAs) who are dumb enough to issue certs where there is a wildcarded IP in the CN. I've never seen this in the wild, not that it couldn't happen.