libgcrypt is affected by the calloc() bug described in <http://CERT.Uni-Stuttgart.DE/advisories/calloc.php>. You might want to copy the fix from GNU libc. A security advisory is probably unnecessary because it seems that the bug is not exploitable as long as the usual libgcrypt interfaces is used.