Debian Security Advisory DSA 993-1 - Tavis Ormandy noticed that gnupg, the GNU privacy guard, a free PGP replacement, can be tricked into emitting a "good signature" status message when a message contains a valid signature that does not actually cover the data packet being extracted.
All versions of gnupg prior to 1.4.2.2 do not detect the injection of unsigned data. Verification of a non-detached (inline) signature may report success, yet when the signed data is extracted it may have extra data prepended or appended that is not covered by the signature. An attacker can therefore take any signed message and inject arbitrary additional data into it while the "good signature" result is preserved. A verifier must check the packet structure of the whole message, not only that the signature packet validates over some literal data packet.
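The following is an added example, not code from the Debian advisory or from the GnuPG project, showing the structural check the advisory implies: an inline-signed OpenPGP message must consist of exactly the one-pass-signature packets, one literal (or compressed) data packet, and the matching signature packets, and nothing else. The packet parser follows the header encodings of RFC 4880 (partial body lengths and indeterminate lengths are rejected rather than handled), the sample messages are constructed inline, and the one-pass and signature packet bodies are dummy bytes: the example checks packet layout only and performs no cryptographic verification, which a real verifier must do in addition.

```python
# Added example (not the Debian advisory's or GnuPG's own code): a minimal
# OpenPGP packet-layout check that rejects inline-signed messages carrying
# packets the signature does not cover. No cryptography is performed.
from dataclasses import dataclass
from typing import List, Tuple

TAG_SIGNATURE, TAG_ONE_PASS_SIG, TAG_COMPRESSED, TAG_LITERAL = 2, 4, 8, 11  # RFC 4880 4.3


@dataclass
class Packet:
    tag: int
    body: bytes


def parse_packets(data: bytes) -> List[Packet]:
    """Split a packet stream into packets (old and new headers, definite lengths only)."""
    packets, i, n = [], 0, len(data)
    while i < n:
        ctb, i = data[i], i + 1
        if not ctb & 0x80:
            raise ValueError(f"bad packet tag byte at offset {i - 1}")
        if ctb & 0x40:  # new format header, RFC 4880 4.2.2
            tag = ctb & 0x3F
            o1, i = data[i], i + 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i] + 192, i + 1
            elif o1 == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled in this example")
        else:  # old format header, RFC 4880 4.2.1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled in this example")
            width = 1 << ltype  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + width], "big"), i + width
        body = data[i:i + length]
        if i > n or len(body) != length:
            raise ValueError("truncated packet")
        packets.append(Packet(tag, body))
        i += length
    return packets


def check_signed_message(data: bytes) -> Tuple[bool, str]:
    """Accept only the two signed-message layouts of RFC 4880 section 11.3:
       one-pass form: [one-pass sig]*k, literal|compressed, [signature]*k
       old form:      [signature]*k, literal|compressed
    Any other packet before or after the signed data is unsigned, injected
    content, so the message is rejected even if the signature itself verifies."""
    tags = [p.tag for p in parse_packets(data)]
    k = 0
    while k < len(tags) and tags[k] in (TAG_ONE_PASS_SIG, TAG_SIGNATURE):
        k += 1
    if k == 0 or len(set(tags[:k])) != 1:
        return False, "message does not start with one-pass or signature packets"
    if k >= len(tags) or tags[k] not in (TAG_LITERAL, TAG_COMPRESSED):
        return False, "signed data packet missing or preceded by unsigned data"
    trailing = tags[k + 1:]
    expected = [TAG_SIGNATURE] * k if tags[0] == TAG_ONE_PASS_SIG else []
    if trailing != expected:
        return False, f"unexpected packets after signed data: {trailing}"
    return True, "structure ok"


def signed_payload(data: bytes) -> bytes:
    """Return the literal-data payload, only if the message layout is clean."""
    ok, why = check_signed_message(data)
    if not ok:
        raise ValueError(why)
    lit = next((p for p in parse_packets(data) if p.tag == TAG_LITERAL), None)
    if lit is None:
        raise ValueError("compressed signed data would need decompressing first")
    name_len = lit.body[1]  # body: format, filename length, filename, 4-byte date, data
    return lit.body[2 + name_len + 4:]


def build_packet(tag: int, body: bytes) -> bytes:
    """Encode one new-format packet; used here only to construct the samples."""
    n = len(body)
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    if n < 8384:
        n -= 192
        return bytes([0xC0 | tag, (n >> 8) + 192, n & 0xFF]) + body
    return bytes([0xC0 | tag, 255]) + n.to_bytes(4, "big") + body


def literal_body(data: bytes) -> bytes:
    return b"b\x00" + b"\x00\x00\x00\x00" + data  # binary, no filename, date 0


# Constructed samples; signature-related bodies are dummy bytes, not real signatures.
ONE_PASS = build_packet(TAG_ONE_PASS_SIG, bytes([3, 0, 8, 1]) + b"\x01" * 8 + b"\x01")
SIGNATURE = build_packet(TAG_SIGNATURE, b"\x04\x00\x01\x08" + b"\x00" * 12)
SIGNED = build_packet(TAG_LITERAL, literal_body(b"transfer 10 EUR\n"))
INJECTED = build_packet(TAG_LITERAL, literal_body(b"transfer 10000 EUR\n"))

GOOD_MESSAGE = ONE_PASS + SIGNED + SIGNATURE
PREPENDED = INJECTED + GOOD_MESSAGE  # unsigned data before the signed part
APPENDED = GOOD_MESSAGE + INJECTED   # unsigned data after the signature
```

Running `check_signed_message` over the three samples accepts only `GOOD_MESSAGE`; both injected variants are rejected before any signature would be examined, which is the check the affected gnupg versions lacked. The same rule is what makes detached signatures the safer choice when the verifying application cannot inspect packet structure itself: with `--verify sig.asc data`, there is no packet stream for an attacker to pad.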