Please see http://bugs.gnupg.org/ for a list of known bugs in GnuPG. We don't distribute this list with the package any longer because a more current one with notes in which version the bug is fixed can be found online. For security related bugs, please contact <security@gnupg.org> which directs mails only to the core developers. If you need to encrypt the report you should use the public keys of the maintainer and of 2 or 3 other active developers (consult the ChangeLog and AUTHORS).