Please see http://bugs.gnupg.org/ for a list of known bugs in GnuPG. We don't distribute this list with the package any longer because a more current one with notes in which version the bug is fixed can be found online. For security related bugs, please contact which directs mails only to the core developers. If you need to encrypt the report you should use the public keys of the maintainer and of 2 or 3 other active developers (consult the ChangeLog and AUTHORS).