CVE-2025-8454
CVE-2025-8454 affects the uscan component of devscripts. The vulnerability arises because uscan skips OpenPGP verification when the upstream source has already been downloaded in a prior run, even if verification had failed previously. This behavior is described across multiple sources (e.g., Red...