The changelog entry, at least for i386, gives 14 May *2013* as the date. Weird a security update got delayed that long, but also concerning is that the libx11 changelog gives 11 Apr *2015*.

If those dates are correct, then it'd appear that xrender was /not/ built against the fixed libx11, meaning it doesn't really include the CVE-2013-7439 fix.


--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to