OESA-2026-2637 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

EUVD-2025-23342

Malicious code in bioql PyPI...

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

DEBIAN-CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

UBUNTU-CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

CVE-2025-8454

CVE-2025-8454 affects the uscan component of devscripts. The vulnerability arises because uscan skips OpenPGP verification when the upstream source has already been downloaded in a prior run, even if verification had failed previously. This behavior is described across multiple sources (e.g., Red...

PT-2025-31608 · Unknown +2 · Devscripts +2

Name of the Vulnerable Software and Affected Versions: uscan affected versions not specified Description: uscan, a tool included in devscripts, skips OpenPGP verification for files already downloaded, even if a previous verification failed. Recommendations: At the moment, there is no information...