A vulnerability was found in libxslt where the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1439559]
Created mingw-libxslt tracking bugs for this issue:
Affects: epel-7 [bug 1439557]
Affects: fedora-all [bug 1439558]
The xslt random function provided by libxslt does not offer any security or cryptography guarantees. Applications using libxslt that rely on non-repeatable randomness should be seeding the system PRNG (srand()) themselves, as they would if calling rand() directly.