This update for gpg2 fixes the following issues: * CVE-2018-9234: Fixed unenforced configuration allows for apparently valid certifications actually signed by signing subkeys .