Hi, I believe we currently have no plans to monitor security fixes in embedded libraries. So I guess, from time to time, or for a reason, a committer takes a look at a lib and updates it. We are quite blind.
Unfortunately, I think there are no free tools in the IT industry. Paying ones exist, like http://www.tenable.com/products/securitycenter (found at https://cve.mitre.org/compatible/vulnerability_alerting.html).

So all we can do is to subscribe to services like https://www.kb.cert.org/vuls/

I just subscribed to "National Cyber Awareness System Mailing Lists" (US gov), is someone else doing so?

Weirdly the EU has no such ML http://cert.europa.eu/cert/newsletter/fr/latest_Security%20Bulletins_.html (?)
Only an RSS feed http://cert.europa.eu/cert/filteredition/en/CERTNewsFilter.html

Jacques
