whatnow: update online resources list for maintainance

Bugtraq is dead since 2021, use oss-sec instead.

For CERT, cert.org redirects to CMU and us-cert.gov redirects to US
CISA (https://www.cisa.gov/uscert/).  I'm not familiar with those so
left those for a US citizen to add :).

chapter11/whatnow.xml

@@ -27,26 +27,21 @@
       Since an LFS system is compiled from source, it is up to you to keep
       abreast of such reports.  There are several online resources that track
       such reports, some of which are shown below:</para>
-<!-- FIXME too outdated, need a full update -->
+
       <itemizedlist>
 
         <listitem>
-          <para><ulink url="http://www.cert.org/">CERT</ulink> (Computer
+          <para><ulink url="&lfs-root;lfs/advisories/">LFS Security Advisories</ulink></para>
-          Emergency Response Team)</para>
 
-          <para>CERT has a mailing list that publishes security alerts concerning
+          <para>This is a list of security vulnerabilities discovered in the
-          various operating systems and applications. Subscription information is
+          LFS book after it's published.</para>
-          available at <ulink
-          url="http://www.us-cert.gov/cas/signup.html"/>.</para>
         </listitem>
 
         <listitem>
-          <para>Bugtraq</para>
+          <para><ulink url="https://seclists.org/oss-sec/">Open Source Security Mailing List</ulink></para>
 
-          <para>Bugtraq is a full-disclosure computer security mailing list. It
+          <para>This is a mailing list for discussion of security flaws,
-          publishes newly discovered security issues, and occasionally potential
+          concepts, and practices in the Open Source community.</para>
-          fixes for them. Subscription information is available at <ulink
-          url="http://www.securityfocus.com/archive"/>.</para>
         </listitem>
 
       </itemizedlist>