It was found that when calling XML_Parse ahead of rand(), it causes the pseudo random generator to generate non-random predictable numbers. Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1197087
Created compat-expat1 tracking bugs for this issue: Affects: fedora-all [bug 1319733]
Created expat tracking bugs for this issue: Affects: fedora-all [bug 1319732]
Created mingw-expat tracking bugs for this issue: Affects: fedora-all [bug 1319734] Affects: epel-7 [bug 1319736]
Created expat21 tracking bugs for this issue: Affects: epel-all [bug 1319735]
CVE assignment: http://seclists.org/oss-sec/2016/q2/469
Created attachment 1165212 [details] Proposed upstream patch