The bug is in the spec, but as the other pointer also points out:
> However, current implementations are not safe from that bug, so it is not recommended to use them. Instead, programs should use functions such as strtol(3) to parse numeric input. This manual page deprecates use of the numeric conversion specifiers until they are fixed by ISO C.
In other words, sscanf itself is not safe to use for numeric conversions.
Why should you care? Depends. Do you care about writing correct programs? If not, there's no need to care.
As the other poster points out, the bug is in the spec, and I'd be astonished if the library function itself actually misbehaves with any given input.