Bugs in pseudorandom number generators (PRNGs) are usually cause for concern, at least in cryptographic circles.
There have been numerous examples over the years.
We had the Debian “code fix” that removed all but 15 bits’ worth of unpredictability from the random generator used to secure OpenSSH.
We had the CryptoCat bug that caused zeros to turn up about 0.4% too often.
And recently we had a cryptographic design flaw in Drupal that saw the wrong sort of random generator used in the wrong sort of way.
But this story is different.MORE