From BouncyCastle 1.34 release notes: Security Advisory If you are using RSA with a public exponent of three you must upgrade to this release if you want to avoid recent forgery attacks that have been described against specific implementations of the RSA signature algorithm. java-1.4.2-gcj-compat in FC5 ship with BC 1.31 and may thus be affected.
I've imported Bouncy Castle 1.34 into FC-5 update-testing: java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.3 and FC-6 updates-testing: bouncycastle-1.34-1
I pushed bouncycastle-1.34-2.fc6 and java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.4 to final and built bouncycastle-1.34-2.fc7 in Rawhide. Closing.