PSA: GPG vulnerability: Signing can be compromised

[unixronin]

schneier reports on a recently-discovered vulnerability which allows a GPG-signed message to be modified after digitally signing it, without disturbing the signature verification.

The bug is fixed in GPG 1.4.2.2.  Follow instructions here for download.

(Note:  Upgrading to GnuPG 1.4.x may require you to upgrade readline to v5.0 or newer.)