I rely on notifications from glsa-check or my distro’s package manager. I was notified about a problem with xz-utils on Thursday evening, but didn’t see anyone post about it until Friday morning.
glsa-check is a command-line tool included with the gentoolkit package in Gentoo Linux. Its primary function is to scan your system for installed packages that are vulnerable according to Gentoo Linux Security Advisories (GLSAs). GLSAs are official notifications from the Gentoo security team about security vulnerabilities that affect packages in the Gentoo repository.
Same here. Our servers are so out of date that we might not have a version of xz with any commits from Jia Tan at all.