[Original text] PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
NAI PGP Certificates Unsigned ADKs Cleartext Message Disclosure
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
PGP contains a flaw that may allow an unsigned additional decryption key (ADK) to expose the plaintext content of an encrypted message. If a remote attacker sends a PGP certificate with an arbitrary ADK, an unsuspecting user may inadvertently reveal the plaintext content of a PGP encrypted message.
Upgrade to version 6.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
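The check the description says was missing can be sketched as follows. This is an added example, not code from PGP or from this entry. It assumes the RFC 4880 version 4 signature layout, where the "signed portion" is the hashed subpacket area, and that the ADK is carried in subpacket type 10; the sample packets and helper names are constructed for illustration.

```python
ADK_TYPE = 10  # RFC 4880 lists type 10 only as a placeholder; PGP used it for the ADK

def subpackets(area):
    """Yield (type, data) for every subpacket in one subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 255: four-octet length follows
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # strip the critical bit
        i += length

def adk_locations(sig_body):
    """Split ADK subpackets of a v4 signature body by hashed/unhashed area."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    hlen = int.from_bytes(sig_body[4:6], "big")
    uoff = 6 + hlen
    ulen = int.from_bytes(sig_body[uoff:uoff + 2], "big")
    if len(sig_body) < uoff + 2 + ulen:
        raise ValueError("truncated signature packet body")
    areas = {"hashed": sig_body[6:uoff], "unhashed": sig_body[uoff + 2:uoff + 2 + ulen]}
    return {name: [d for t, d in subpackets(a) if t == ADK_TYPE]
            for name, a in areas.items()}

def unsigned_adks(sig_body):
    """ADK subpackets not covered by the signature; these must be ignored."""
    return adk_locations(sig_body)["unhashed"]

# Constructed sample data (not real keys); MPIs after the hash prefix are omitted.
def _sub(kind, data):
    return bytes([len(data) + 1, kind]) + data

def _sig(hashed, unhashed):
    return (bytes([4, 0x13, 17, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")

ADK_DATA = bytes([0x80, 17]) + bytes(range(20))       # constructed payload
CREATED, ISSUER = _sub(2, bytes(4)), _sub(16, bytes(8))
SIGNED_ADK = _sig(CREATED + _sub(ADK_TYPE, ADK_DATA), ISSUER)
UNSIGNED_ADK = _sig(CREATED, ISSUER + _sub(ADK_TYPE, ADK_DATA))
```

A non-empty result from `unsigned_adks` on a certificate's self-signature means the ADK was not covered by the signature and the certificate should not be used for encryption until it has been re-obtained from a trusted source.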