It was discovered that the std::random_device class in libstdc++ would not properly detect short reads and could return return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random.
External references: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
Upstream commit: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227687 https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227872
Created gcc tracking bugs for this issue: Affects: fedora-all [bug 1262852]
std::random_device is not guaranteed to be cryptographically secure and should not be used for secure cryptographic code. Thus having a low impact.
I was intending to fix this. std::random_device can use /dev/random in GCC's implementation (and the intent of the C++ standard is to allow, even encourage that), isn't that suitable for secure crypto?