Issue is sufficiently discussed in several forums such as Bugtraq etc. Werner Koch released GnuPG 1.0.4f an hour ago which contains fixes against this attack. References: http://www.securityfocus.com/archive/1/170386 http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/005846.html http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/005849.html
Aw, crap.
GnuPG 1.0.5 is released
*** Bug 38508 has been marked as a duplicate of this bug. ***
1.0.5 is being prepped for errata release.