sources/meta-arm/SECURITY.md

# Reporting vulnerabilities

Arm takes security issues seriously and welcomes feedback from researchers and
the security community in order to improve the security of its products and
services. We operate a coordinated disclosure policy for disclosing
vulnerabilities and other security issues.

Security issues can be complex and one single timescale doesn't fit all
circumstances. We will make best endeavours to inform you when we expect
security notifications and fixes to be available and facilitate coordinated
disclosure when notifications and patches/mitigations are available.


## How to Report a Potential Vulnerability?

If you would like to report a public issue (for example, one with a released CVE
number), please contact the meta-arm mailing list at
meta-arm@lists.yoctoproject.org and arm-security@arm.com.

If you are dealing with a not-yet released or urgent issue, please send a mail
to the maintainers (see README.md) and arm-security@arm.com, including as much
detail as possible.  Encrypted emails using PGP are welcome.

For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.


## Branches maintained with security fixes

meta-arm follows the Yocto release model, so see
[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and
LTS] for detailed info regarding the policies and maintenance of stable
branches.

The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
releases of the Yocto Project. Versions in grey are no longer actively maintained with
security patches, but well-tested patches may still be accepted for them for
significant issues.
Complete Yocto mirror with license table for TQMa6UL (2038-compliance) - 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16) 2026-03-01 20:58:18 +00:00			`# Reporting vulnerabilities`

			`Arm takes security issues seriously and welcomes feedback from researchers and`
			`the security community in order to improve the security of its products and`
			`services. We operate a coordinated disclosure policy for disclosing`
			`vulnerabilities and other security issues.`

			`Security issues can be complex and one single timescale doesn't fit all`
			`circumstances. We will make best endeavours to inform you when we expect`
			`security notifications and fixes to be available and facilitate coordinated`
			`disclosure when notifications and patches/mitigations are available.`


			`## How to Report a Potential Vulnerability?`

			`If you would like to report a public issue (for example, one with a released CVE`
			`number), please contact the meta-arm mailing list at`
			`meta-arm@lists.yoctoproject.org and arm-security@arm.com.`

			`If you are dealing with a not-yet released or urgent issue, please send a mail`
			`to the maintainers (see README.md) and arm-security@arm.com, including as much`
			`detail as possible. Encrypted emails using PGP are welcome.`

			`For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.`


			`## Branches maintained with security fixes`

			`meta-arm follows the Yocto release model, so see`
			`[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and`
			`LTS] for detailed info regarding the policies and maintenance of stable`
			`branches.`

			`The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all`
			`releases of the Yocto Project. Versions in grey are no longer actively maintained with`
			`security patches, but well-tested patches may still be accepted for them for`
			`significant issues.`