It has been blogged everywhere ... but the problem is not the bug itself ("errare humanum est"), and that's fair enough.
What is irritating (AGAIN!) is Debian's attitude of not feeding patches back upstream, especially when modifying such security-sensitive packages. Doing so would have caught the bug and, albeit after some deserved flaming, would have avoided the current situation.
This arrogant attitude undermines the very strength of FLOSS: collaboration, cross-fertilization, moooore eyes on your source.
Another thing to note: let's push back against monocultures. That is, the more different distros and FLOSS OSes there are, the better!
And now: something [not] completely different ...
img source: kriptopolis.org