Описание
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| plucky | needs-triage | |
| upstream | needs-triage |
Показывать по
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
It was discovered that uscan, a tool to scan/watch upstream sources fo ...
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification for files already downloaded even if a previous verification did fail.
EPSS
9.8 Critical
CVSS3