Hi AOSP team, The latest security bulletin for January 2017 mentions 6.0.1 under "Updated AOSP versions" but I don't see any of these patches on Marshmallow branches.
For instance, take the critical "Remote code execution vulnerability in Mediaserver" with patch A-31607432 <https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7>. 6.0.1 is listed as an updated AOSP version, but I do not see any of the main release branches (marshmallow-mr1-release, marshmallow-mr2-release, marshmallow-mr3-release) updated with the patch. Please update these branches with the security patches mentioned in the bulletin or shed light on why these patches are missing from Marshmallow. It is hard to find details on the security patching process, so any more info on this is much appreciated! Thanks, Preetam -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
