libXdmcp -- insufficient entropy generating session keys

The freedesktop and x.org project reports:

It was discovered that libXdmcp before 1.1.3 used weak
entropy to generate session keys on platforms without
arc4random_buf() but with getentropy(). On a multi-user system using
xdmcp, a local attacker could potentially use information available
from the process list to brute force the key, allowing them to
hijack other users’ sessions.
Please note, that since FreeBSD provides arc4random_buf(), it is
unknown if FreeBSD is affected by this vulnerability