The MITRE CVE dictionary describes this issue as:
gpgv in GnuPG before 18.104.22.168, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Red Hat security errata
|Red Hat Enterprise Linux version 2.1 (gnupg)||RHSA-2006:0266||March 15, 2006|
|Red Hat Enterprise Linux version 3 (gnupg)||RHSA-2006:0266||March 15, 2006|
|Red Hat Enterprise Linux version 4 (gnupg)||RHSA-2006:0266||March 15, 2006|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.