Applications relying on GnuPG to authenticate digital signatures may
incorrectly believe a signature has been verified.
Solution: upgrade to 1.4.2.1.
More information:
http://security.gentoo.org/glsa/glsa-200602-10.xml
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
Hi Yaakov,
Applications relying on GnuPG to authenticate digital signatures may
incorrectly believe a signature has been verified.
Solution: upgrade to 1.4.2.1.
I got the hint ;) Expect a new version in the next week or so.
Volker
--
PGP/GPG key (ID: 0x9F8A785D) available from