It was discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. The risk is HIGH. User's keys may be guessable allowing an attacker to assume the identity associated with the keys.
More...