CVE-2025-8454

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-8454

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8454.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-8454

Downstream

UBUNTU-CVE-2025-8454

Published

2025-08-01T06:15:29Z

Modified

2025-08-06T16:46:13.368054Z

Summary

[none]

Details

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

References

Affected packages

Debian:11 / devscripts

Package

Name: devscripts
Purl: pkg:deb/debian/devscripts?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.21.3

2.21.3+deb11u1~bpo10+1

2.21.3+deb11u1

2.21.4~bpo11+1

2.21.4

2.21.5

2.21.6~bpo11+1

2.21.6

2.21.7~bpo11+1

2.21.7

2.22.1~bpo11+1

2.22.1

2.22.2~bpo11+1

2.22.2

2.22.2+hurd.1

2.23.0

2.23.1

2.23.2

2.23.3

2.23.4

2.23.5~bpo11+1

2.23.5

2.23.6~bpo11+1

2.23.6

2.23.7~bpo11+1

2.23.7

2.24.1

2.24.2

2.24.3

2.24.4

2.24.5

2.24.6

2.24.7

2.24.8

2.24.9

2.24.10

2.25.1

2.25.2

2.25.3

2.25.4

2.25.5

2.25.6

2.25.7

2.25.8~bpo12+1

2.25.8

2.25.9

2.25.10~bpo12+1

2.25.10

2.25.11

2.25.12

2.25.13

2.25.14

2.25.15~bpo12+1

2.25.15

2.25.16

2.25.17

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / devscripts

Package

Name: devscripts
Purl: pkg:deb/debian/devscripts?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.23.4

2.23.4+deb12u1

2.23.4+deb12u2

2.23.5~bpo11+1

2.23.5

2.23.6~bpo11+1

2.23.6

2.23.7~bpo11+1

2.23.7

2.24.1

2.24.2

2.24.3

2.24.4

2.24.5

2.24.6

2.24.7

2.24.8

2.24.9

2.24.10

2.25.1

2.25.2

2.25.3

2.25.4

2.25.5

2.25.6

2.25.7

2.25.8~bpo12+1

2.25.8

2.25.9

2.25.10~bpo12+1

2.25.10

2.25.11

2.25.12

2.25.13

2.25.14

2.25.15~bpo12+1

2.25.15

2.25.16

2.25.17

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / devscripts

Package

Name: devscripts
Purl: pkg:deb/debian/devscripts?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.15

2.25.16

2.25.17

Ecosystem specific

{
    "urgency": "not yet assigned"
}