Debian Devscripts vulnerabilities

CVE-2025-8454 [CRITICAL] CWE-347 CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, in It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

CVE-2013-7325 [HIGH] CVE-2013-7325: An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execu An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.

CVE-2018-13043 [CRITICAL] CWE-94 CVE-2018-13043: scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAM scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.