I missed this article on the libwebp vulnerability the first time through, but I really have to appreciate this line after a list of high-profile projects and the versions with it patched:
“The number of affected software packages is too large to check all of them.”