The bug is caused by a weakness in the random number generator used to create SSL and SSH public and private cryptographic keys, used to secure website traffic.

Source: SC Magazine (http://www.securecomputing.net.au/news/76497,debian-random-key-generator-flaw-could-persist.aspx)