i'd love it if any changes to x.org could also include fixing xcb build option to avoid the hack (using two sets of libs) for qt5.

other than x11, openssl and bash, what other base installed packages are vulnerable though? POODLE, Heartbleed, Shellshock and years old X11 issues are very well known but do we have man power to check everything else.

i did start to look through a diff of cssu version of gtk and jessie's latest yesterday to see about porting maemo changes to jessie. if there's any security issues there, looks reasonably straight forward in most places to add maemo changes. dependencies and compatibility issues though i haven't looked at. more like a preliminary assessment.