+++ This bug was initially created as a clone of Bug #181822 +++

The Gentoo project identified a security-related bug in GnuPG. When using any current version of GnuPG for unattended signature verification (e.g. by scripts and mail programs), false positive signature verification of detached signatures may occur.

This is primarily an issue since gpg returns 0 on what should be a failure. This will break automated scripts.

http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2

A reproducer for RHEL can be found here:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
(The Background section near the bottom)

This issue also affects RHEL2.1 and RHEL3.
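
An added example, not part of the original report or of GnuPG's own code: a wrapper for unattended verification that treats exit status 0 as necessary but not sufficient, and also requires a VALIDSIG line for a pinned fingerprint on gpg's `--status-fd` stream. The fingerprint, the sample status lines and the function names are constructed for illustration.

```python
import subprocess

PREFIX = "[GNUPG:] "
# Status keywords that must never accompany an accepted signature.
FAILURES = {"BADSIG", "ERRSIG", "NODATA", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signature_verified(status_output, trusted_fprs):
    """True only on positive evidence: a VALIDSIG line from a pinned key
    and no failure keyword anywhere in the status stream."""
    valid = False
    for line in status_output.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        if fields[0] in FAILURES:
            return False
        if fields[0] == "VALIDSIG" and len(fields) > 1:
            if fields[1].upper() not in trusted_fprs:
                return False          # valid signature, but not our signer
            valid = True
    return valid

def verify_detached(sig_path, data_path, trusted_fprs):
    """Run gpg on a detached signature; exit status 0 alone is not accepted."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return proc.returncode == 0 and signature_verified(proc.stdout, trusted_fprs)

# Constructed sample data (placeholder fingerprint, not a real key).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
TRUSTED = {FPR}
GOOD = ("[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer\n"
        f"[GNUPG:] VALIDSIG {FPR} 2006-02-15 1139990987 0 3 0 17 2 00 {FPR}\n")
NO_SIGNATURE = ""                      # gpg exited 0 but reported no signature
MIXED = GOOD + "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer\n"

if __name__ == "__main__":
    for name, status in (("good", GOOD), ("none", NO_SIGNATURE), ("mixed", MIXED)):
        print(name, signature_verified(status, TRUSTED))
```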
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0266.html