|
|
@@ -0,0 +1,24 @@
|
|
|
+How to Report a Potential Vulnerability?
|
|
|
+========================================
|
|
|
+
|
|
|
+If you would like to report a public issue (for example, one with a released
|
|
|
+CVE number), please report it using the
|
|
|
+[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla].
|
|
|
+If you have a patch ready, submit it following the same procedure as any other
|
|
|
+patch as described in README.md.
|
|
|
+
|
|
|
+If you are dealing with a not-yet released or urgent issue, please send a
|
|
|
+message to security AT yoctoproject DOT org, including as many details as
|
|
|
+possible: the layer or software module affected, the recipe and its version,
|
|
|
+and any example code, if available.
|
|
|
+
|
|
|
+Branches maintained with security fixes
|
|
|
+---------------------------------------
|
|
|
+
|
|
|
+See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
|
|
|
+for detailed info regarding the policies and maintenance of Stable branches.
|
|
|
+
|
|
|
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
|
|
|
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
|
|
|
+security patches, but well-tested patches may still be accepted for them for
|
|
|
+significant issues.
|
Marta Rybczynska