We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-8454



Description

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Reserved 2025-08-01 | Published 2025-08-01 | Updated 2025-08-01 | Assigner debian

Product status

Default status
affected

Any version
affected

Credits

Uwe Kleine-König reporter

References

bugs.debian.org/1109251

cve.org (CVE-2025-8454)

nvd.nist.gov (CVE-2025-8454)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-8454

Support options

Helpdesk Chat, Email, Knowledgebase