Do you rely on mailing lists or news articles for security vulnerabilities? Please share.

I only got to know about xz/liblzma [1] and curl [2] [3] vulnerabilities through lemmy (maybe because of high severity?).


  1. 1 ↩︎

  2. 2 ↩︎

  3. 3 ↩︎

  • eveninghere@beehaw.org
    link
    fedilink
    arrow-up
    6
    ·
    7 months ago

    Seeing my colleagues, I fear that the answer from them is “That’s the neat part, you don’t!”

    • Last@reddthat.com
      link
      fedilink
      arrow-up
      4
      ·
      7 months ago

      Same here. Our servers are so out of date that we might not have a version of xz with any commits from Jia Tan at all.

      • delirious_owl
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        I don’t think up-to-date Debian stable even got it before it was discovered. No prod servers should be affected