unhinge@programming.dev to Linux@lemmy.mlEnglish · 7 months agoHow do you track security vulnerabilities?message-squaremessage-square37fedilinkarrow-up177arrow-down15file-text
arrow-up172arrow-down1message-squareHow do you track security vulnerabilities?unhinge@programming.dev to Linux@lemmy.mlEnglish · 7 months agomessage-square37fedilinkfile-text
Do you rely on mailing lists or news articles for security vulnerabilities? Please share. I only got to know about xz/liblzma [1] and curl [2] [3] vulnerabilities through lemmy (maybe because of high severity?). 1 ↩︎ 2 ↩︎ 3 ↩︎
minus-squareeveninghere@beehaw.orglinkfedilinkarrow-up5·7 months agoSeeing my colleagues, I fear that the answer from them is “That’s the neat part, you don’t!”
minus-squareLast@reddthat.comlinkfedilinkarrow-up3·7 months agoSame here. Our servers are so out of date that we might not have a version of xz with any commits from Jia Tan at all.
minus-squaredelirious_owl@discuss.onlinelinkfedilinkarrow-up1·7 months agoI don’t think up-to-date Debian stable even got it before it was discovered. No prod servers should be affected
Seeing my colleagues, I fear that the answer from them is “That’s the neat part, you don’t!”
Same here. Our servers are so out of date that we might not have a version of xz with any commits from Jia Tan at all.
I don’t think up-to-date Debian stable even got it before it was discovered. No prod servers should be affected