libzypp was adjusted to enhance the RPM GPG key import/handling to
avoid a problem with multiple key blobs.

Attackers able to supplying a repository could let the packagemanager
show another keys fingerprint while a second one was actually used to
sign the repository (CVE-2013-3704).