If you’re a developer relying on GnuPG, check upstream for an update that plugs an input sanitisation bug. The short version, given in CVE-2018-12020, is that GnuPG mishandles the filename and, as a result, an attacker can spoof the output it sends to other programs.
Read full news article on The Register