Comment by nicce
6 hours ago
For this particular bug, for that to apply, you need some sort of oracle which tells that you are actually in the same child process that skips re-randomization before you can reduce the entropy. Based on this post, I cannot see that there is stable oracle to tell that?
I'm not making a claim about this bug, I'm saying that oracles and leaks are common and that nginx seems like a good target for them.