The changelog entry, at least for i386, gives 14 May *2013* as the date.
Weird a security update got delayed that long, but also concerning is
that the libx11 changelog gives 11 Apr *2015*.
If those dates are correct, then it'd appear that xrender was /not/
built against the fixed libx11, meaning it doesn't really include the
CVE-2013-7439 fix.
--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/552d5d38.6080...@metrics.net
