Please see

    http://www.gnupg.org/buglist.html

for a list of know bugs in GnuPG.  We don't distribute this list anymore
with the package because a more current one with notes in which version
the bug is fixed can be found online.

For security related bugs, please contact <security@gnupg.org> which
directs mails only to the core developers.  If you need to encrypt the
report you should use the public keys of the maintainer and of 2 or 3
other active developers (consult the ChangeLog and AUTHORS).