4 matches found
EUVD-2025-8628
Malicious code in bioql PyPI...
GHSA-76G3-38JV-WXH4 tough timestamp metadata is cached when it fails snapshot rollback check
Summary TUF repositories use the timestamp role to protect against rollback events by enabling an automated process to periodically sign the role's metadata. While tough will ensure that the version of snapshot metadata in new timestamp metadata files was always greater than or equal to the...
tough timestamp metadata is cached when it fails snapshot rollback check
Summary TUF repositories use the timestamp role to protect against rollback events by enabling an automated process to periodically sign the role's metadata. While tough will ensure that the version of snapshot metadata in new timestamp metadata files was always greater than or equal to the...
CVE-2025-2888
CVE-2025-2888 affects the Amazon tough client (The Update Framework) where, during a snapshot rollback, the client incorrectly caches timestamp metadata. If the next update checks this cache, update timestamp validation may fail, blocking subsequent updates until the cache is cleared. The issue i...