How do you track security vulnerabilities?

Do you rely on mailing lists or news articles for security vulnerabilities? Please share.

I only got to know about xz/liblzma ^[1] and curl ^[2] ^[3] vulnerabilities through lemmy (maybe because of high severity?).

You're viewing a single thread.

34 comments

My distribution (archlinux) notifies of critical vulnerabilities that require user action. There's a news mailing list.

After that I rely on social network (Mastodon mostly) or lemmy for news, as vulnerabilities often get some conversation. Apart from that, software i'm really interested in I also follow through RSS so I get news when they update for their vulnerabilities -that is when the vulnerabilities are not self inflicted as the xz case-.
- Arch Linux (like some other distros) also has a security tracker: https://security.archlinux.org/

You've viewed 34 comments.