Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
For Debian 7 Wheezy, these problems have been fixed in version 1.4.12-7+deb7u10.
We recommend that you upgrade your gnupg packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/