A vulnerability was found in libxslt where the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758400
Created libxslt tracking bugs for this issue: Affects: fedora-all [bug 1439559] Created mingw-libxslt tracking bugs for this issue: Affects: epel-7 [bug 1439557] Affects: fedora-all [bug 1439558]
Statement: The xslt random function provided by libxslt does not offer any security or cryptography guarantees. Applications using libxslt that rely on non-repeatable randomness should be seeding the system PRNG (srand()) themselves, as they would if calling rand() directly.