I recommend also subscribing to the Debian security mailing list[1], even if you're not a Debian user--they are on top of security issues that involve software in their repo (and that's a lot of software) within minutes of the advisories.
In fact, that's how I learned about most of the Drupal's core security issues (got a message in my inbox) and was able to patch them up really quickly.
In fact, that's how I learned about most of the Drupal's core security issues (got a message in my inbox) and was able to patch them up really quickly.
[1] https://lists.debian.org/debian-security-announce/