[HIGH] CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

PKSA-c8q4-qf8b-nmtq CVE-2016-1902 GHSA-jjx5-fq5g-8xpc

Affected package: symfony/security

Affected version: >=2.3.0,<2.3.37|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.13|>=2.7.0,<2.7.9

Reported by:
GitHub, FriendsOfPHP/security-advisories