It doesn't seem to be as simple. If a program can catch vulnerable keys, it is probably a
very serious issue. From one of the comments in http://www.dslreports.com/forum/r204743,
apparently the intent of not using uninitialized data for random number pool is good, but the
code is wrong enough that trim down seriously the amount of possible random numbers being
used, making it rather easy to get through. So if you do have something using Debian, go
regenerate all SSH and Apache-SSL keys that are originally generated by these systems, quick.