Investigate if/how we could more efficiently be aware of MFSAs
During the discussion about Icedove's release timing the question arose if we could more efficiently track security issues which concern Tails, Icedove or other software we ship. Maybe this has already been discussed and maybe sysadmins keep track of this kind of thing?
#2 Updated by u over 3 years ago
MFSAs are published here:
Known vulns in TB are published here:
CVEs affecting TB:
FD (has RSS feed):
Right now I'm sort of dreaming on having a tool which would search all these lists via RSS and send email whenever a certain keyword pops up..
#5 Updated by u over 3 years ago
- Status changed from In Progress to Resolved
- Affected tool deleted (
It now looks like this is not a specific question to Icedove, because we have the same problem with any other software. So this should be part of a larger discussion.
We have processes to be aware of browser updates which work quite well.
Even if we were aware of MFSAs early enough in the process for Icedove, we still rely on Debian to get security patches.
But with the AppArmor profile such problem might be partly mitigated in the meantime.
Once we feel more comfortable with this, we might revisit this question, but for now i will close this ticket.