whatnow: update online resources list for maintainance

Bugtraq is dead since 2021, use oss-sec instead.

For CERT, cert.org redirects to CMU and us-cert.gov redirects to US
CISA (https://www.cisa.gov/uscert/).  I'm not familiar with those so
left those for a US citizen to add :).

chapter11/whatnow.xml

@@ -27,26 +27,21 @@
       Since an LFS system is compiled from source, it is up to you to keep
       abreast of such reports.  There are several online resources that track
       such reports, some of which are shown below:</para>
-<!-- FIXME too outdated, need a full update -->
+
       <itemizedlist>
 
         <listitem>
-          <para><ulink url="http://www.cert.org/">CERT</ulink> (Computer
-          Emergency Response Team)</para>
+          <para><ulink url="&lfs-root;lfs/advisories/">LFS Security Advisories</ulink></para>
 
-          <para>CERT has a mailing list that publishes security alerts concerning
-          various operating systems and applications. Subscription information is
-          available at <ulink
-          url="http://www.us-cert.gov/cas/signup.html"/>.</para>
+          <para>This is a list of security vulnerabilities discovered in the
+          LFS book after it's published.</para>
         </listitem>
 
         <listitem>
-          <para>Bugtraq</para>
+          <para><ulink url="https://seclists.org/oss-sec/">Open Source Security Mailing List</ulink></para>
 
-          <para>Bugtraq is a full-disclosure computer security mailing list. It
-          publishes newly discovered security issues, and occasionally potential
-          fixes for them. Subscription information is available at <ulink
-          url="http://www.securityfocus.com/archive"/>.</para>
+          <para>This is a mailing list for discussion of security flaws,
+          concepts, and practices in the Open Source community.</para>
         </listitem>
 
       </itemizedlist>