Bug#782505: Also, was the libxrender update really built in 2013?

[Anthony DeRobertis]

The changelog entry, at least for i386, gives 14 May *2013* as the date. 
Weird a security update got delayed that long, but also concerning is 
that the libx11 changelog gives 11 Apr *2015*.

If those dates are correct, then it'd appear that xrender was /not/ 
built against the fixed libx11, meaning it doesn't really include the 
CVE-2013-7439 fix.


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org