Hi AOSP team,
The latest security bulletin for January 2017 mentions 6.0.1 under "Updated AOSP versions" but I don't see any of these patches on Marshmallow branches.
For instance, take the critical "Remote code execution vulnerability in Mediaserver" with patch
A-31607432. 6.0.1 is listed as an updated AOSP version, but I do not see any of the main release branches (marshmallow-mr1-release, marshmallow-mr2-release, marshmallow-mr3-release) updated with the patch.
Please update these branches with the security patches mentioned in the bulletin or shed light on why these patches are missing from Marshmallow.
It is hard to find details on the security patching process, so any more info on this is much appreciated!
Thanks,
Preetam