
Well, that's not quite an accurate representation of the issue.

OpenSSL was trying to use uninitialized memory to seed the PRNG in one of the calls. The fix silenced the warnings by removing (almost) all seeding of the PRNG, instead of just the uninitialized memory seeding.

To his credit, the patch author did attempt to ask the OpenSSL developers if the patch was doing things correctly. However, the developers apparently didn't watch their own mailing list, and this didn't come out until after the problems were made public and the developers were laughing about what a n00b the Debian contributor was.
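An added illustration of the shape of the mistake described above, as a constructed toy model rather than OpenSSL's or Debian's code: a pool that mixes in genuine seed material and a caller's not-yet-written buffer through the same call, the Debian-style change that removes that call entirely, and the narrow fix that drops only the uninitialized input. Pool size, mixing function, and the `depends_on_entropy` check are all assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy 64-bit entropy pool mixed with FNV-1a. A constructed stand-in for
 * OpenSSL's hash-based md_rand.c pool; the structure, not the hash, is the
 * point of the example. */
typedef struct { uint64_t state; } pool_t;

static void pool_mix(pool_t *p, const void *buf, size_t n) {
    const unsigned char *b = (const unsigned char *)buf;
    for (size_t i = 0; i < n; i++) { p->state ^= b[i]; p->state *= 0x100000001b3ULL; }
}

/* Two seeding inputs went through the same hash-update call: genuine entropy
 * handed to rand_add(), and in rand_bytes() the caller's output buffer before
 * anything was written to it (the bytes the memory checker flagged). */
enum { SEED_ENTROPY = 1, SEED_SCRATCH = 2 };

static uint64_t derive(unsigned which, const unsigned char *ent, size_t en,
                       const unsigned char *scratch, size_t sn, int pid) {
    pool_t p = { 0xcbf29ce484222325ULL };
    if (which & SEED_ENTROPY) pool_mix(&p, ent, en);      /* the seed that mattered */
    if (which & SEED_SCRATCH) pool_mix(&p, scratch, sn);  /* the uninitialized bytes */
    pool_mix(&p, &pid, sizeof pid);                       /* mixed in every variant */
    return p.state;
}

typedef uint64_t (*rand_fn)(const unsigned char *, size_t, const unsigned char *, size_t, int);

/* Original: both inputs mixed; the checker warns about the scratch buffer. */
static uint64_t rand_original(const unsigned char *e, size_t en, const unsigned char *s, size_t sn, int pid)
{ return derive(SEED_ENTROPY | SEED_SCRATCH, e, en, s, sn, pid); }
/* Debian-style patch: the call removed in both places, so only the pid is left. */
static uint64_t rand_debian(const unsigned char *e, size_t en, const unsigned char *s, size_t sn, int pid)
{ return derive(0, e, en, s, sn, pid); }
/* Narrow fix: drop only the uninitialized input, keep the genuine seed. */
static uint64_t rand_fixed(const unsigned char *e, size_t en, const unsigned char *s, size_t sn, int pid)
{ return derive(SEED_ENTROPY, e, en, s, sn, pid); }

/* Regression check a maintainer could keep in a test suite: with the pid held
 * fixed, does the output change when the genuine seed changes? 1 if it does. */
static int depends_on_entropy(rand_fn f) {
    static const unsigned char e1[16] = {0}, e2[16] = {[15] = 1};  /* constructed seeds */
    unsigned char scratch[16] = {0};
    return f(e1, sizeof e1, scratch, sizeof scratch, 4242)
        != f(e2, sizeof e2, scratch, sizeof scratch, 4242);
}
```

Silencing the warning by deleting the whole call makes `depends_on_entropy` return 0: the output now varies only with the process id, which is the failure mode the thread is describing.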




I hate to misrepresent facts, but after looking over what I wrote and reading what I linked for the first time in many years I don’t see any misrepresentation of the issue. Yes, what you write adds additional detail, but nowhere do I or what I link go after the Debian contributor; I was simply trying to make the point that spurious errors can lead us astray. Thank you for adding more nuance and do correct me if I messed up somewhere as I am unable to see it myself.


This sort of problem is probably why the article doesn't recommend compiler warnings as a useful intervention point: they can be ignored, but then continue to annoy future developers who aren't responsible for the mistake.



