Do you rely on mailing lists or news articles for security vulnerabilities? Please share.

I only got to know about xz/liblzma [1] and curl [2] [3] vulnerabilities through lemmy (maybe because of high severity?).



  • Last
    3 months ago

    I rely on notifications from glsa-check or my distro’s package manager. I was notified about a problem with xz-utils on Thursday evening, but didn’t see anyone post about it until Friday morning.

    glsa-check is a command-line tool included with the gentoolkit package in Gentoo Linux. Its primary function is to scan your system for installed packages that are vulnerable according to Gentoo Linux Security Advisories (GLSAs). GLSAs are official notifications from the Gentoo security team about security vulnerabilities that affect packages in the Gentoo repository.