CVE-2025-8454

Critical CVSS: 9.8

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Vendor

Debian

Product

Devscripts

CWE

CWE-347

Yayın Tarihi

2025-08-01 06:15:29

Güncelleme

2025-08-06 16:17:38

Source Identifier

security@debian.org

KEV Date Added

Kategoriler

CWE-347 Devscripts CRITICAL Debian 2025

Referanslar

https://bugs.debian.org/1109251

Benzer Kayıtlar

High

CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a…

Critical

CVE-2015-0842

yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.

Critical

CVE-2015-0843

yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.

Low

CVE-2015-0849

pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.

Critical

CVE-2014-7210

pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered tha…

Medium

CVE-2013-1424

Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36c…