CVE-2012-6702: Using XML_Parse before rand results into non-random output. Reference: CVE-2016-5300: Little entropy used for hash initialization. The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.