New Year, Old Bug

Happy New Year! We start the new year with a very old bug, one which really amazes me.

This (see here for some explanation) is a bug introduced on May 10th, 1991 in X11 (now also Xorg), the graphics environment of any Unix and Unix-like OS. The bug is a buffer overflow which, when exploited, could give administrator rights (if X11 is running with these rights).

We have seen too many of these bugs, and now they are almost history, in the sense that it is so well known how to avoid them that they should not appear in any program. How is it then possible that in an open-source program, very well known, very well scrutinized, and widely adopted, a bug like this could remain undetected for 22 years?