After having spent a few hours backporting the latest security patches to Lollipop (with one of them I'm not sure it fixes the problem, but the CVE is empty), I have the same question.
Anyone from Google that could shed some light on this matter? Thanks. On Friday, 12 August 2016 18:40:44 UTC+2, avk wrote: > > Hi, > > I'd like to [try to] make a custom build of AOSP for my device, which does > not receive security updates from vendor anymore. For this reason I'm > looking for sources of Android 4.4 along with all the relevant security > patches. > > source.android.com <http://source.android.com/security/index.html> mentions > that KitKat still receives security updates: > > The Android security team currently provides patches for Android versions >> 4.4 (KitKat), 5.0 (Lollipop), 5.1 (Lollipop MR1), and 6.0 (Marshmallow). > > > Also latest security bulletin > <http://source.android.com/security/bulletin/2016-08-01.html> alongside > many CVE's mentions 4.4.4 among "Updated AOSP versions". Yet when I go to > appropriate reference > (for example, this commit > <https://android.googlesource.com/platform/frameworks/av/+/590d1729883f700ab905cdc9ad850f3ddd7e1f56> > > for first CVE in the list), the appropriate commit seems to appear only > in master branch. I'm not familiar with AOSP version control yet, but I > checked list of branches for this particular framework here > <https://android.googlesource.com/platform/frameworks/av/>. > > So, my question is: where do backported security patches go? If current > googlegroup is not appropriate place for this question, please point me > in the right direction. > > Cheers, > -- -- unsubscribe: [email protected] website: http://groups.google.com/group/android-porting --- You received this message because you are subscribed to the Google Groups "android-porting" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
