CVE-2025-8454 | THREATINT

Description

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

PUBLISHED Reserved 2025-08-01 | Published 2025-08-01 | Updated 2025-08-01 | Assigner debian

Product status

Default status

affected

Any version

affected

Credits

Uwe Kleine-König reporter

References

bugs.debian.org/1109251

cve.org (CVE-2025-8454)

nvd.nist.gov (CVE-2025-8454)

Download JSON