Realloc bug discovered in app-crypt/gnupg-2.*, could potentially be exploited, though no exploit is yet known, according to the post by gnupg authors.
>All applications using GnuPG's GPGSM tool to process S/MIME messages
>or manage X.509 certificates are affected. The bug exists in all
>versions of GnuPG including the recently released GnuPG 2.0.16.
>GPG (i.e. OpenPGP) is NOT affected.
>GnuPG 1.x is NOT affected because it does not come with the GPGSM
>An exploit is not yet known but it can't be ruled out for sure that
>the problem has not already been identified by some dark forces.
Steps to Reproduce:
*** This bug has been marked as a duplicate of bug 329583 ***
Oops sry ... was posted some minutes earlier by cilly when I was reading and typing report ;)