Serious GPG RNG 18 year bug discovered.
Damage seems limited at this point with no need to revoke keys. However this is a “brown paper bag” level advisory.
http://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html
CVE-2016-6316
Really goes to show that you must only trust widely studied crypto implementations and keep your fingers crossed that nothing terrible is lurking somewhere in the code-base.