http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6171 "Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt." FE[3456] seem affected, devel looks ok.
Yucky. FC-6+ should already be fine. Older releases need patching.
Unless I'm missing something, the upstream fix is not in FE6's 2.0.1rc1, but only in devel's 2.0.1 final. http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/branches/STABLE-BRANCH-1-4/g10/openfile.c?rev=4349&r1=4215&r2=4349
OK, though that's contrary to what the dev's said on the gpg-dev mailing list, I was planning on upgrading FC-6 to 2.0.1 final asap anyway.
Okey dokie, builds queue'd for remaining vulnerable releases: FC-6+: * Wed Nov 29 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-1 - gnupg-2.0.1 - CVE-2006-6169 (bug #217950) FC-3/4/5: * Fri Dec 01 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-8 - CVE-2006-6169 (bug #217950) - --disable-optmization on 64bit archs