Since Tails is based on Debian, it takes advantage of all the work done by the Debian security team. As quoted from <https://www.debian.org/security/>:
> Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs.