The current version of gnupg in testing is 1.4.3-2; it's vulnerable to CVE-2006-3746 (remote denial of service). This has been fixed in 1.4.5-1, although it's not mentioned in the changelog (CVE was assigned after upload). According to grep-excuses, the propagation of 1.4.5-1 is blocked because gnupg is in freeze. Would you please allow this version to reach testing?
Attachment:
signature.asc
Description: Digital signature