Werner Koch reports:
In the aftermath of the false positive signature verfication bug (announced 2006-02-15) more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of gpg for verification of signatures which are not detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails.