CVE-2025-8454 Information

Description

It was discovered that uscan a tool to scan/watch upstream sources for new releases of software included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier) skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Reference

https://bugs.debian.org/1109251

Related CNNVD

CNNVD-202508-027 (Published: 2025-08-01)