libgcrypt 1.6.4 implements a protection against key leakage with errors in the calculation of RSA signatures with the Chinese Remainder Theorem:
It can be argued whether this is a vulnerability or "just" a hardening measure. In a correctly working environment this is no security issue; it only becomes one if there is faulty hardware or other bugs in the software that cause miscalculations. A CVE has been requested on oss-security (but MITRE may decide that it's not CVE-worthy).
The background of this change is a very interesting research paper by Florian Weimer from Red Hat:
I'm tempted to call this security hardening rather than a vulnerability myself, although I agree the research paper is interesting.
Just bumped package in tree and tested it successfully on my laptop for some common gnupg operations; but should give it some time in tree before stabilizing as usability/stability trumps this security issue/hardening matter.
@crypto, 1.6.5 is current stable, but is 1.5.x affected by this?
(In reply to Aaron Bauman from comment #2)
> @crypto, 1.6.5 is current stable, but is 1.5.x affected by this?
1.5 is EOL, removal is tracked in bug 567382
This issue was resolved and addressed in
GLSA 201610-04 at https://security.gentoo.org/glsa/201610-04
by GLSA coordinator Kristian Fiskerstrand (K_F).
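
The kind of protection discussed in this report, refusing to release an RSA-CRT signature that was miscalculated, is commonly done by verifying the signature with the public key before returning it. The sketch below is an added example, not libgcrypt's code and not part of the original thread; the toy primes, the `fault` parameter that simulates a hardware or software miscalculation, and all function names are assumptions made for the illustration, and padding is omitted.

```python
import hashlib

# Constructed toy key: two Mersenne primes. Real keys use primes of >= 1024 bits.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)      # CRT exponents
QINV = pow(Q, -1, P)                   # CRT coefficient


class FaultDetected(Exception):
    """Raised when a computed signature does not verify."""


def digest_to_int(message: bytes) -> int:
    # Unpadded hash-as-integer, reduced mod N; illustration only.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_crt(m: int, fault: int = 0) -> int:
    """Raw RSA-CRT signature. `fault` is XORed into the mod-P half
    to simulate a miscalculation (hypothetical test hook)."""
    sp = pow(m, DP, P) ^ fault
    sq = pow(m, DQ, Q)
    h = (QINV * (sp - sq)) % P         # Garner recombination
    return sq + h * Q


def sign_checked(m: int, fault: int = 0) -> int:
    """Sign, then verify with the public key before releasing the value."""
    s = sign_crt(m, fault)
    if pow(s, E, N) != m:
        # Never hand a faulty CRT signature to the caller or the network.
        raise FaultDetected("RSA-CRT result failed verification")
    return s


if __name__ == "__main__":
    m = digest_to_int(b"constructed sample message")
    print("good signature verifies:", pow(sign_checked(m), E, N) == m)
    try:
        sign_checked(m, fault=1)
    except FaultDetected as exc:
        print("faulty signature withheld:", exc)
```

The extra public-key exponentiation is cheap when `E` is small, which is why this check is a common hardening choice for CRT-based signing.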