Описание
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | deferred | 2026-03-20 |
| esm-infra-legacy/trusty | deferred | 2026-03-20 |
| esm-infra/bionic | deferred | 2026-03-20 |
| esm-infra/focal | deferred | 2026-03-20 |
| esm-infra/xenial | deferred | 2026-03-20 |
| jammy | deferred | 2026-03-20 |
| noble | deferred | 2026-03-20 |
| plucky | ignored | end of life, was deferred [2026-03-20] |
| questing | deferred | 2026-03-20 |
| upstream | deferred | 2026-03-20 |
Показывать по
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
It was discovered that uscan, a tool to scan/watch upstream sources fo ...
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification for files already downloaded even if a previous verification did fail.
EPSS
9.8 Critical
CVSS3