SigSpoof explained

SigSpoof
Discoverer:Marcus Brinkmann
Affected Software:GNU Privacy Guard (GnuPG) from v0.2.2 to v2.2.8.

SigSpoof is a family of security vulnerabilities that affected the software package GNU Privacy Guard ("GnuPG") since version 0.2.2, that was released in 1998. Several other software packages that make use of GnuPG were also affected, such as Pass and Enigmail.

In un-patched versions of affected software, SigSpoof attacks allow cryptographic signatures to be convincingly spoofed, under certain circumstances. This potentially enables a wide range of subsidiary attacks to succeed.