question about security issues affecting newlib

[Roberto Martelloni]

Hi,

how can I know when a software vulnerability affecting newlib has been
detected, reported and fixed ?

Since in my understanding newlib is a conglomerate of different source code
plus obviously custom source code:

   - what would be an a reasonable way to ensure that my newlib version XXX
   is free from know vulnerabilities ?

Or from a different point of view, how do you ensure that newlib is not
including a known vulnerability/ies ? How do you deal with that ?

Many Thanks,
R.

P.S. put be in CC as I'm not subscribed to the maillist, many thanks

-- 
Roberto Martelloni
boos @ http://boos.core-dumped.info