It was discovered that GnuPG 2 uses a freed pointer when verify a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. For the stable distribution , this problem has been fixed in version 2.0.9-3.1+lenny1. For the unstable distribution , this problem has been fixed in version 2.0.14-2. GnuPG 1 is not affected by this problem. We recommend that you upgrade your gnupg2 packages.