USN-432-1 fixed a vulnerability in GnuPG. This update provides the
corresponding updates for GnuPG2 and the GPGME library.
Original advisory details:
Gerardo Richarte from Core Security Technologies discovered that when
gnupg is used without --status-fd, there is no way to distinguish
initial unsigned messages from a following signed message. An attacker
could inject an unsigned message, which could fool the user into
thinking the message was entirely signed by the original sender.