Index: gnupg-2.0.20/g10/plaintext.c
===================================================================
--- gnupg-2.0.20.orig/g10/plaintext.c 2013-05-13 14:26:49.290737159 +0200
+++ gnupg-2.0.20/g10/plaintext.c 2013-05-13 14:43:21.740575875 +0200
@@ -25,6 +25,7 @@
 #include
 #include
 #include
+#include
 #ifdef HAVE_DOSISH_SYSTEM
 #include /* for setmode() */
 #endif
@@ -39,6 +40,9 @@
 #include "status.h"
 #include "i18n.h"
+/* define safe permissions for creating plaintext files */
+#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
+#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS)
 /****************
 * Handle a plaintext packet. If MFX is not NULL, update the MDs
@@ -140,10 +144,15 @@ handle_plaintext( PKT_plaintext *pt, md_
 log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
 goto leave;
 }
- else if( !(fp = fopen(fname,"wb")) ) {
- rc = gpg_error_from_syserror ();
- log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
- goto leave;
+ else {
+ mode_t saved_umask = umask(GPG_SAFE_UMASK);
+ if( !(fp = fopen(fname,"wb")) ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+ umask(saved_umask);
+ goto leave;
+ }
+ umask(saved_umask);
 }
 #else /* __riscos__ */
 /* If no output filename was given, i.e. we constructed it,
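Review bot: The umask set around `fopen(fname,"wb")` in the third hunk only takes effect when that call creates the file. If `fname` already exists, it is truncated and keeps its current mode, so decrypted plaintext can still be written to a group- or world-readable file. Tightening the mode on the open stream before any data is written would close that gap where fchmod is available, e.g. `if (fchmod(fileno(fp), GPG_SAFE_PERMS)) { rc = gpg_error_from_syserror (); goto leave; }`. A short comment above the `umask` call would also help, such as `/* umask is process-wide; restore it on every path out of this block */`. The body of handle_plaintext starts and ends outside the hunk, so an earlier overwrite check may already exclude existing files; that cannot be confirmed from here.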