Missing January 2017 security patches for Marshmallow?

[Preetam D'Souza]

Hi AOSP team,

The latest security bulletin for January 2017 mentions 6.0.1 under "Updated AOSP versions" but I don't see any of these patches on Marshmallow branches.

For instance, take the critical "Remote code execution vulnerability in Mediaserver" with patch A-31607432. 6.0.1 is listed as an updated AOSP version, but I do not see any of the main release branches (marshmallow-mr1-release, marshmallow-mr2-release, marshmallow-mr3-release) updated with the patch.

Please update these branches with the security patches mentioned in the bulletin or shed light on why these patches are missing from Marshmallow. 

It is hard to find details on the security patching process, so any more info on this is much appreciated!

Thanks,

Preetam

[Preetam D'Souza]

Happy to see the patches rolling out to Marshmallow with android-6.0.1_r78 on marshmallow-mr2-release, thanks guys!

For anyone else interested, more info here: https://groups.google.com/d/msg/android-building/racl35q1MCk/s2Y-_9I-CgAJ