Yep.
If it's the vulnerability I think it is, it's already been reported and disclosed by FrSIRT and the US National Vulnerability Database, and as such already public, so I don't know why they've asked for encryption of the emails. Regardless I've made myself a PGP key and sent it to them as requested and I'll wait and see what they say.
If you want in you can probably generate and send them your PGP key as well I guess.