Please see http://www.gnupg.org/buglist.html for a list of know bugs in GnuPG. We don't distribute this list anymore with the package because a more current one with notes in which version the bug is fixed can be found online. For security related bugs, please contact which directs mails only to the core developers. If you need to encrypt the report you should use the public keys of the maintainer and of 2 or 3 other active developers (consult the ChangeLog and AUTHORS).