Applications relying on GnuPG to authenticate digital signatures may incorrectly believe a signature has been verified.
Solution: upgrade to 1.4.2.1. More information: http://security.gentoo.org/glsa/glsa-200602-10.xml http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455 Yaakov
