http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6235 "A "stack overwrite" vulnerability in GnuPG (gpg) before 1.2.1 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory." FC6+ seem to be taken care of already, FC-[345] not yet.
Right FC-6+ build pushed yesterday already. %changelog * Wed Dec 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-2 - CVE-2006-6235 (bug #218821) Older releases don't include the gpg2 (and friends) binaries, so they aren't (shouldn't!) be affected by this.
Seems so indeed.