Docs: Add AOSP links to the March security bulletin
Bug: 27000316
Change-Id: I7cb91f5591ba3c1bb8ef5d27a9c418bfe11a04ae
diff --git a/src/security/bulletin/2016-03-01.jd b/src/security/bulletin/2016-03-01.jd
index d1e4205..6c0a17f 100644
--- a/src/security/bulletin/2016-03-01.jd
+++ b/src/security/bulletin/2016-03-01.jd
@@ -24,7 +24,7 @@
</div>
</div>
-<p><em>Published March 07, 2016</em></p>
+<p><em>Published March 07, 2016 | Updated March 08, 2016</em></p>
<p>We have released a security update to Nexus devices through an over-the-air
(OTA) update as part of our Android Security Bulletin Monthly Release process.
@@ -226,21 +226,23 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bugs with AOSP links</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-0815</td>
- <td>ANDROID-26365349</td>
+ <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a>
+ </td>
<td>Critical</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google Internal</td>
</tr>
<tr>
<td>CVE-2016-0816</td>
- <td>ANDROID-25928803</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a>
+ </td>
<td>Critical</td>
<td>6.0, 6.0.1</td>
<td>Google Internal</td>
@@ -266,14 +268,17 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug with AOSP links</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-1621</td>
- <td>ANDROID-23452792</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a>
+ <a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a>
+ <a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a>
+ </td>
<td>Critical</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0</td>
<td>Google Internal</td>
@@ -283,19 +288,21 @@
<h3 id=elevation_of_privilege_in_conscrypt>Elevation of Privilege in Conscrypt</h3>
-<p>A vulnerability in Conscrypt could allow a specific type of invalid certificate, issued by an intermediate Certificate Authority (CA), to be incorrectly trusted. This may enable a man in the middle attack. This issue is rated as a Critical severity due to the possibility of an elevation of privilege and remote arbitrary code execution.</p>
+<p>A vulnerability in Conscrypt could allow a specific type of invalid certificate, issued by an intermediate Certificate Authority (CA), to be incorrectly trusted. This may enable a man-in-the-middle attack. This issue is rated as a Critical severity due to the possibility of an elevation of privilege and remote arbitrary code execution.</p>
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug with AOSP links</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-0818</td>
- <td>ANDROID-26232830</td>
+ <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a>
+ <a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a>
+ </td>
<td>Critical</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google Internal</td>
@@ -314,7 +321,7 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
@@ -324,7 +331,7 @@
<td>ANDROID-25364034*</td>
<td>Critical</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
- <td>Google Internal</td>
+ <td>Oct 29, 2015</td>
</tr>
</table>
@@ -343,7 +350,7 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
@@ -359,7 +366,8 @@
<p>* The patch for this issue is not in AOSP. The update is contained in the
-latest binary drivers for Nexus devices available from the <a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
<h3 id=elevation_of_privilege_vulnerability_in_kernel_keyring_component>Elevation of Privilege Vulnerability in Kernel Keyring Component</h3>
@@ -372,11 +380,15 @@
and above, SELinux rules prevents third-party applications from reaching the
affected code.</p>
-<p><strong>Note: </strong>For reference, the patch in AOSP is available for specific kernel versions: <a href="https://android.googlesource.com/kernel%2Fcommon/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a>, <a href="https://android.googlesource.com/kernel%2Fcommon/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a>, <a href="https://android.googlesource.com/kernel%2Fcommon/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a>, and <a href="https://android.googlesource.com/kernel%2Fcommon/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a>.</p>
+<p><strong>Note:</strong> For reference, the patch in AOSP is available for specific kernel versions:
+<a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a>,
+<a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a>,
+<a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a>,
+and <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a>.</p>
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
@@ -391,7 +403,7 @@
</table>
-<h3 id=mitigation_bypass_vulnerability_in_the_kernel>Mitigation Bypass Vulnerability in the Kernel </h3>
+<h3 id=mitigation_bypass_vulnerability_in_the_kernel>Mitigation Bypass Vulnerability in the Kernel</h3>
<p>A mitigation bypass vulnerability in the kernel could permit a bypass of
@@ -400,11 +412,13 @@
bypass of security measures in place to increase the difficulty of attackers
exploiting the platform.</p>
-<p><strong>Note:</strong> There is an update for this issue is <a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf">located in the Linux upstream</a>.</p>
+<p><strong>Note:</strong> The update for this issue is
+<a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf">located in the Linux upstream</a>.</p>
+
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
@@ -424,14 +438,14 @@
<p>There is an elevation of privilege vulnerability in a MediaTek connectivity
kernel driver that could enable a local malicious application to execute
-arbitrary code within the context of the kernel. Normally a kernel code
-execution bug like this would be rated critical, but given that it requires
-first compromising the conn_launcher service, which may not even be possible,
-it justifies a downgrade to High severity rating.</p>
+arbitrary code within the context of the kernel. Normally a kernel code execution
+bug like this would be rated critical, but because it requires first compromising
+the conn_launcher service, it justifies a downgrade to High severity rating.
+</p>
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
@@ -441,13 +455,14 @@
<td>ANDROID-25873324*</td>
<td>High</td>
<td>6.0.1</td>
- <td>Google internal</td>
+ <td>Nov 24, 2015</td>
</tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
-latest binary drivers for Nexus devices available from the <a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
<h3 id=information_disclosure_vulnerability_in_kernel>Information Disclosure Vulnerability in Kernel</h3>
@@ -458,11 +473,12 @@
a local bypass of exploit mitigation technologies such as ASLR in a privileged
process.</p>
-<p><strong>Note:</strong> There is a fix for this issue is <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce">located in Linux upstream</a>.</p>
+<p><strong>Note:</strong> The fix for this issue is
+<a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce">located in Linux upstream</a>.</p>
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
@@ -475,7 +491,9 @@
<td>Google internal</td>
</tr>
</table>
-
+<p>* The patch for this issue is not in AOSP. The update is contained in the
+latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
<h3 id=information_disclosure_vulnerability_in_libstagefright>Information Disclosure Vulnerability in libstagefright</h3>
@@ -487,14 +505,15 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug with AOSP link</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-0824</td>
- <td>ANDROID-25765591</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a>
+ </td>
<td>High</td>
<td>6.0, 6.0.1</td>
<td>Nov 18, 2015</td>
@@ -508,7 +527,10 @@
<p>An information disclosure vulnerability in the Widevine Trusted Application
could allow code running in the kernel context to access information in
TrustZone secure storage. This issue is rated as High severity because it could
-be used to gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges.</p>
+be used to gain elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges.</p>
<table>
<tr>
<th>CVE</th>
@@ -528,7 +550,8 @@
<p>* The patch for this issue is not in AOSP. The update is contained in the
-latest binary drivers for Nexus devices available from the <a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
<h3 id=elevation_of_privilege_vulnerability_in_mediaserver>Elevation of Privilege Vulnerability in Mediaserver </h3>
@@ -540,21 +563,23 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bugs with AOSP links</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-0826</td>
- <td>ANDROID-26265403 </td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a>
+ <a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a>
+ </td>
<td>High</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Dec 17, 2015</td>
</tr>
<tr>
<td>CVE-2016-0827</td>
- <td>ANDROID-26347509</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td>
<td>High</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Dec 28, 2015</td>
@@ -572,21 +597,22 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bugs with AOSP links</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-0828</td>
- <td>ANDROID-26338113 </td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a>
+ </td>
<td>High</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Dec 27, 2015</td>
</tr>
<tr>
<td>CVE-2016-0829</td>
- <td>ANDROID-26338109</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td>
<td>High</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Dec 27, 2015</td>
@@ -606,14 +632,14 @@
<table>
<tr>
<th>CVE</th>
- <th>AOSP Link</th>
+ <th>Bug with AOSP link</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-0830</td>
- <td><a href="https://android.googlesource.com/platform%2Fsystem%2Fbt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td>
<td>High</td>
<td>6.0, 6.0.1</td>
<td>Google Internal</td>
@@ -621,7 +647,7 @@
</table>
-<h3 id=information_disclosure_vulnerability_in_telephony>Information Disclosure Vulnerability in Telephony </h3>
+<h3 id=information_disclosure_vulnerability_in_telephony>Information Disclosure Vulnerability in Telephony</h3>
<p>An information disclosure vulnerability in the Telephony component could allow
@@ -631,14 +657,14 @@
<table>
<tr>
<th>CVE</th>
- <th>Bug(s)</th>
+ <th>Bug with AOSP link</th>
<th>Severity</th>
<th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-0831</td>
- <td>ANDROID-25778215</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td>
<td>Moderate</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Nov 16, 2015</td>
@@ -691,4 +717,5 @@
<ul>
<li> March 07, 2016: Bulletin published.
+ <li> March 08, 2016: Bulletin revised to include AOSP links.
</ul>
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd
index 0bb0167..687fb6b 100644
--- a/src/security/bulletin/index.jd
+++ b/src/security/bulletin/index.jd
@@ -21,14 +21,20 @@
important tool to make and keep Android users safe. This page contains the
available Nexus Security Bulletins. These security bulletins include
information users can follow to ensure their device has the latest security
-updates. Refer to the<a href="https://support.google.com/nexus/answer/4457705"> Nexus documentation</a>
+updates.</p>
+<p>To get notifications when we publish a new bulletin, join the
+<a href="https://groups.google.com/forum/#!forum/android-security-updates">Android Security Updates group</a>,
+and set your email delivery preference to receive all updates.
+Refer to the<a href="https://support.google.com/nexus/answer/4457705"> Nexus documentation</a>
for instructions on how to check the security patch level, using the security
patch level provided below. The Nexus firmware images are also released each
month to the<a href="https://developers.google.com/android/nexus/images"> Google Developer site</a>.
</p>
+
+
<table>
<tr>
- <th>Nexus Security Bulletin</th>
+ <th>Bulletin</th>
<th>Languages</th>
<th>Published Date</th>
<th>Android Security Patch Level</th>
@@ -54,23 +60,14 @@
<tr>
<td><a href="2016-01-01.html">January 2016</a></td>
<td>
- <a href="{@docRoot}intl/ja_ALL/security/bulletin/2016-01-01.html">日本語</a> /
- <a href="{@docRoot}intl/ko_ALL/security/bulletin/2016-01-01.html">한국어</a> /
- <a href="{@docRoot}intl/ru_ALL/security/bulletin/2016-01-01.html">ru</a> /<br />
- <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2016-01-01.html">中文 (中国)</a> /
- <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2016-01-01.html">中文 (台灣)</a>
+ Coming soon
</td>
<td>January 4, 2016</td>
<td>January 1, 2016: [2016-01-01]</td>
</tr>
<tr>
<td><a href="2015-12-01.html">December 2015</a></td>
- <td>
- <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-12-01.html">日本語</a> /
- <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-12-01.html">한국어</a> /
- <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-12-01.html">ru</a> /<br />
- <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-12-01.html">中文 (中国)</a> /
- <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-12-01.html">中文 (台灣)</a>
+ <td>Coming soon
</td>
<td>December 7, 2015</td>
<td>December 1, 2015: [2015-12-01]</td>
diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd
index 2bd589b..0201917 100644
--- a/src/security/overview/acknowledgements.jd
+++ b/src/security/overview/acknowledgements.jd
@@ -206,82 +206,30 @@
</div>
<h2 id=2014>2014</h2>
-
<div style="LINE-HEIGHT:25px;">
-<p>Jeff Forristal of <a href="http://www.bluebox.com/blog/">Bluebox
-Security</a></p>
<p>Aaron Mangel of <a href="https://banno.com/">Banno</a> (<a
href="mailto:amangel@gmail.com">amangel@gmail.com</a>)</p>
-<p><a href="http://www.linkedin.com/in/tonytrummer/">Tony Trummer</a> of <a
-href="http://www.themeninthemiddle.com">The Men in the Middle</a> <br>(<a
-href="https://twitter.com/SecBro1">@SecBro1</a>)</p>
+<p>Alex Park (<a href="https://twitter.com/saintlinu">@saintlinu</a>)</p>
-<p><a href="http://www.samsung.com">Samsung Mobile</a></p>
+<p>Alexandru Gheorghita</p>
-<p>Henry Hoggard of <a href="https://labs.mwrinfosecurity.com/">MWR Labs</a> (<a
-href="https://twitter.com/henryhoggard">@HenryHoggard</a>)</p>
-
-<p><a href="http://www.androbugs.com">Yu-Cheng Lin 林禹成</a> (<a
-href="https://twitter.com/AndroBugs">@AndroBugs</a>)</p>
-
-<p><a
-href="http://www.ec-spride.tu-darmstadt.de/en/research-groups/secure-software-engineering-group/staff/siegfried-rasthofer/">Siegfried
-Rasthofer</a> of <a href="http://sseblog.ec-spride.de/">Secure Software
-Engineering Group</a>, EC SPRIDE Technische Universität Darmstadt (<a
-href="mailto:siegfried.rasthofer@gmail.com">siegfried.rasthofer@gmail.com</a>)</p>
-
-<p>Steven Arzt of <a href="http://sseblog.ec-spride.de/">Secure Software
-Engineering Group</a>, EC SPRIDE Technische Universität Darmstadt (<a
-href="mailto:Steven.Arzt@ec-spride.de">Steven.Arzt@ec-spride.de</a>)</p>
-
-<p><a href="http://blog.redfern.me/">Joseph Redfern</a> of <a
-href="https://labs.mwrinfosecurity.com/">MWR Labs</a> <br>(<a
-href="https://twitter.com/JosephRedfern">@JosephRedfern</a>)</p>
-
-<p><a href="https://plus.google.com/u/0/109528607786970714118">Valera
-Neronov</a></p>
-
-<p><a href="https://github.com/michalbednarski">Michał Bednarski</a></p>
-
-<p><a href="http://www.linkedin.com/in/luander">Luander Michel Ribeiro</a> (<a
-href="https://twitter.com/luanderock">@luanderock</a>)</p>
-
-<p>Stephan Huber of Testlab Mobile Security, <a
-href="https://www.sit.fraunhofer.de/">Fraunhofer SIT</a> (<a
-href="mailto:Stephan.Huber@sit.fraunhofer.de">Stephan.Huber@sit.fraunhofer.de</a>)
-</p>
+<p><a href="https://twitter.com/isciurus">Andrey Labunets</a> of <a href="https://www.facebook.com">Facebook</a></p>
<p><a href="http://www.corkami.com">Ange Albertini</a> (<a
href="https://twitter.com/angealbertini">@angealbertini</a>)</p>
-<p><a href="https://www.linkedin.com/in/tdalvi">Tushar Dalvi</a> (<a
-href="https://twitter.com/tushardalvi">@tushardalvi</a>)</p>
-
<p>Axelle Apvrille of Fortinet, FortiGuards Labs</p>
-<p>Tongxin Li of Peking University (<a
-href="mailto:litongxin1991@gmail.com">litongxin1991@gmail.com</a>)</p>
+<p><a href="http://www.linkedin.com/in/danamodio">Dan Amodio</a> of <a href="https://www.aspectsecurity.com/">Aspect Security</a> (<a href="https://twitter.com/DanAmodio">@DanAmodio</a>)</p>
-<p><a href="https://www.facebook.com/zhou.xiaoyong">Xiaoyong Zhou</a> of <a
-href="http://www.cs.indiana.edu/~zhou/">Indiana University Bloomington</a> <br>(<a
-href="https://twitter.com/xzhou">@xzhou</a>, <a
-href="mailto:zhou.xiaoyong@gmail.com">zhou.xiaoyong@gmail.com</a>)</p>
+<p><a href="http://davidmurdoch.com">David Murdoch</a></p>
-<p><a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> of Indiana
-University Bloomington (<a
-href="mailto:xingluyi@gmail.com">xingluyi@gmail.com</a>)</p>
+<p>Henry Hoggard of <a href="https://labs.mwrinfosecurity.com/">MWR Labs</a> (<a
+href="https://twitter.com/henryhoggard">@HenryHoggard</a>)</p>
-<p>Yeonjoon Lee of Indiana University Bloomington (<a
-href="mailto:luc2yj@gmail.com">luc2yj@gmail.com</a>)</p>
-
-<p><a href="http://www.informatics.indiana.edu/xw7/">Xiaofeng Wang</a> of
-Indiana University Bloomington (<a
-href="mailto:xw7@indiana.edu">xw7@indiana.edu</a>)</p>
-
-<p>Xinhui Han of Peking University (<a
-href="mailto:hanxinhui@pku.edu.cn">hanxinhui@pku.edu.cn</a>)</p>
+<p>Imre Rad of <a href="http://www.search-lab.hu/">Search-Lab Ltd.</a></p>
<p><a href="http://thejh.net/">Jann Horn</a> <a href="https://android-review.googlesource.com/#/c/98197/">
<img style="vertical-align:middle;" src="../images/tiny-robot.png"
@@ -289,12 +237,55 @@
title="This person contributed code that improved Android security">
</a></p>
+<p>Jeff Forristal of <a href="http://www.bluebox.com/blog/">Bluebox
+Security</a></p>
+
+<p><a href="http://blog.redfern.me/">Joseph Redfern</a> of <a
+href="https://labs.mwrinfosecurity.com/">MWR Labs</a> <br>(<a
+href="https://twitter.com/JosephRedfern">@JosephRedfern</a>)</p>
+
+<p>Kunal Patel of <a href="https://www.samsungknox.com/">Samsung KNOX Security Team</a> (<a href="mailto:kunal.patel1@samsung.com">kunal.patel1@samsung.com</a>)</p>
+
+<p><a href="http://www.linkedin.com/in/luander">Luander Michel Ribeiro</a> (<a
+href="https://twitter.com/luanderock">@luanderock</a>)</p>
+
+<p><a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> of Indiana
+University Bloomington (<a
+href="mailto:xingluyi@gmail.com">xingluyi@gmail.com</a>)</p>
+
+<p>Marc Blanchou (<a href="https://twitter.com/marcblanchou">@marcblanchou</a>)</p>
+
+<p>Mathew Solnik (<a href="https://twitter.com/msolnik">@msolnik</a>)</p>
+
+<p><a href="https://github.com/michalbednarski">Michał Bednarski</a></p>
+
+<p><a href="http://www.cs.utah.edu/~rsas/">Raimondas Sasnauskas</a> of University of Utah</p>
+
<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href="https://android-review.googlesource.com/#/q/owner:%22Robert+Craig+%253Crpcraig%2540tycho.ncsc.mil%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png" alt="Patch Symbol"
title="This person contributed code that improved Android security"></a></p>
+<p><a href="http://www.samsung.com">Samsung Mobile</a></p>
+
+<p>Scotty Bauer of University of Utah (<a href="mailto:sbauer@eng.utah.edu">sbauer@eng.utah.edu</a>)</p>
+
+<p>Sebastian Brenza</p>
+
+<p><a
+href="http://www.ec-spride.tu-darmstadt.de/en/research-groups/secure-software-engineering-group/staff/siegfried-rasthofer/">Siegfried
+Rasthofer</a> of <a href="http://sseblog.ec-spride.de/">Secure Software
+Engineering Group</a>, EC SPRIDE Technische Universität Darmstadt (<a
+href="mailto:siegfried.rasthofer@gmail.com">siegfried.rasthofer@gmail.com</a>)</p>
+
+<p><a href="http://www.sonymobile.com">Sony Mobile</a></p>
+
+<p>Stephan Huber of Testlab Mobile Security, <a
+href="https://www.sit.fraunhofer.de/">Fraunhofer SIT</a> (<a
+href="mailto:Stephan.Huber@sit.fraunhofer.de">Stephan.Huber@sit.fraunhofer.de</a>)
+</p>
+
<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href=
@@ -302,6 +293,31 @@
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>
+<p>Steven Arzt of <a href="http://sseblog.ec-spride.de/">Secure Software
+Engineering Group</a>, EC SPRIDE Technische Universität Darmstadt (<a
+href="mailto:Steven.Arzt@ec-spride.de">Steven.Arzt@ec-spride.de</a>)</p>
+
+<p><a href="http://www.subodh.io">Subodh Iyengar</a> of <a href="https://www.facebook.com">Facebook</a></p>
+
+<p>Tongxin Li of Peking University (<a
+href="mailto:litongxin1991@gmail.com">litongxin1991@gmail.com</a>)</p>
+
+<p><a href="http://www.linkedin.com/in/tonytrummer/">Tony Trummer</a> of <a
+href="http://www.themeninthemiddle.com">The Men in the Middle</a> <br>(<a
+href="https://twitter.com/SecBro1">@SecBro1</a>)</p>
+
+<p><a href="https://www.linkedin.com/in/tdalvi">Tushar Dalvi</a> (<a
+href="https://twitter.com/tushardalvi">@tushardalvi</a>)</p>
+
+<p><a href="https://plus.google.com/u/0/109528607786970714118">Valera
+Neronov</a></p>
+
+<p>Wang Tao of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="mailto:wintao@gmail.com">wintao@gmail.com</a>)</p>
+
+<p>Wang Yu of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="https://twitter.com/xi4oyu">@xi4oyu</a>)</p>
+
+<p><a href="http://www.shackleton.io/">Will Shackleton</a> of <a href="https://www.facebook.com">Facebook</a></p>
+
<p><a href="http://www.linkedin.com/in/billcroberts">
William Roberts</a> (<a href="mailto:bill.c.roberts@gmail.com">bill.c.roberts@gmail.com</a>)
<a href=
@@ -309,48 +325,36 @@
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>
-<p>Scotty Bauer of University of Utah (<a href="mailto:sbauer@eng.utah.edu">sbauer@eng.utah.edu</a>)</p>
+<p><a href="http://www.informatics.indiana.edu/xw7/">Xiaofeng Wang</a> of
+Indiana University Bloomington (<a
+href="mailto:xw7@indiana.edu">xw7@indiana.edu</a>)</p>
-<p><a href="http://www.cs.utah.edu/~rsas/">Raimondas Sasnauskas</a> of University of Utah</p>
+<p><a href="https://www.facebook.com/zhou.xiaoyong">Xiaoyong Zhou</a> of <a
+href="http://www.cs.indiana.edu/~zhou/">Indiana University Bloomington</a> <br>(<a
+href="https://twitter.com/xzhou">@xzhou</a>, <a
+href="mailto:zhou.xiaoyong@gmail.com">zhou.xiaoyong@gmail.com</a>)</p>
-<p><a href="http://www.subodh.io">Subodh Iyengar</a> of <a href="https://www.facebook.com">Facebook</a></p>
+<p>Xinhui Han of Peking University (<a
+href="mailto:hanxinhui@pku.edu.cn">hanxinhui@pku.edu.cn</a>)</p>
-<p><a href="http://www.shackleton.io/">Will Shackleton</a> of <a href="https://www.facebook.com">Facebook</a></p>
+<p>Yeonjoon Lee of Indiana University Bloomington (<a
+href="mailto:luc2yj@gmail.com">luc2yj@gmail.com</a>)</p>
-<p>Kunal Patel of <a href="https://www.samsungknox.com/">Samsung KNOX Security Team</a> (<a href="mailto:kunal.patel1@samsung.com">kunal.patel1@samsung.com</a>)</p>
-
-<p>Sebastian Brenza</p>
-
-<p>Wang Tao of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="mailto:wintao@gmail.com">wintao@gmail.com</a>)</p>
-
-<p><a href="http://www.linkedin.com/in/danamodio">Dan Amodio</a> of <a href="https://www.aspectsecurity.com/">Aspect Security</a> (<a href="https://twitter.com/DanAmodio">@DanAmodio</a>)</p>
-
-<p><a href="http://davidmurdoch.com">David Murdoch</a></p>
-
-<p>Alexandru Gheorghita</p>
-
-<p>Mathew Solnik (<a href="https://twitter.com/msolnik">@msolnik</a>)</p>
-
-<p>Marc Blanchou (<a href="https://twitter.com/marcblanchou">@marcblanchou</a>)</p>
-
-<p>Wang Yu of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="https://twitter.com/xi4oyu">@xi4oyu</a>)</p>
+<p><a href="http://www.androbugs.com">Yu-Cheng Lin 林禹成</a> (<a
+href="https://twitter.com/AndroBugs">@AndroBugs</a>)</p>
<p>Zhang Dong Hui of <a href="http://xteam.baidu.com">Baidu X-Team</a> (<a href="http://weibo.com/shineastdh">shineastdh</a>)</p>
-<p>Alex Park (<a href="https://twitter.com/saintlinu">@saintlinu</a>)</p>
-
-<p><a href="http://www.sonymobile.com">Sony Mobile</a></p>
-
-<p><a href="https://twitter.com/isciurus">Andrey Labunets</a> of <a href="https://www.facebook.com">Facebook</a></p>
-
-<p>Imre Rad of <a href="http://www.search-lab.hu/">Search-Lab Ltd.</a></p>
-
</div>
<h2 id=2013>2013</h2>
<div style="LINE-HEIGHT:25px;">
+<p><a href="https://tsarstva.bg/sh/">Ivaylo Marinkov</a>
+of <a href="http://www.ecommera.com/">eCommera</a>
+(<a href="mailto:ivo@tsarstva.bg">ivo@tsarstva.bg</a>)</p>
+
<p>Jon Sawyer of <a href="http://appliedcybersecurity.com/">Applied Cybersecurity LLC
</a> (<a href="mailto:jon@cunninglogic.com">jon@cunninglogic.com</a>)</p>
@@ -360,22 +364,15 @@
<img style="vertical-align:middle" src="../images/patchreward.png"
alt="Patch Rewards Symbol" title="This person qualified for the Patch Rewards program!"></a></p>
-<p>Ruben Santamarta of IOActive
-(<a href="https://twitter.com/reversemode">@reversemode</a>)</p>
+<p>Kan Yuan</p>
<p>Lucas Yang (amadoh4ck) of
<a href="http://raonsecurity.com/">RaonSecurity</a>
(<a href="mailto:amadoh4ck@gmail.com">amadoh4ck@gmail.com</a>)</p>
-<p><a href="https://tsarstva.bg/sh/">Ivaylo Marinkov</a>
-of <a href="http://www.ecommera.com/">eCommera</a> <br>
-(<a href="mailto:ivo@tsarstva.bg">ivo@tsarstva.bg</a>)</p>
-
-<p><a href="http://roeehay.blogspot.com/">Roee Hay</a>
-<br>(<a href="https://twitter.com/roeehay">@roeehay</a>,
-<a href="mailto:roeehay@gmail.com">roeehay@gmail.com</a>)</p>
-
-<p>Qualcomm Product Security Initiative</p>
+<p><a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> of Indiana
+University Bloomington (<a
+href="mailto:xingluyi@gmail.com">xingluyi@gmail.com</a>)</p>
<p><a href="https://lacklustre.net/">Mike Ryan</a> of
<a href="https://isecpartners.com/">iSEC Partners</a>
@@ -388,12 +385,20 @@
at Urbana-Champaign</a>
<br>(<a href="mailto:naveed2@illinois.edu">naveed2@illinois.edu</a>)</p>
+<p>Qualcomm Product Security Initiative</p>
+
+<p><a href="http://roeehay.blogspot.com/">Roee Hay</a> (<a href="https://twitter.com/roeehay">@roeehay</a>,
+<a href="mailto:roeehay@gmail.com">roeehay@gmail.com</a>)</p>
+
<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href="https://android-review.googlesource.com/#/q/owner:%22Robert+Craig+%253Crpcraig%2540tycho.ncsc.mil%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png" alt="Patch Symbol"
title="This person contributed code that improved Android security"></a></p>
+<p>Ruben Santamarta of IOActive
+(<a href="https://twitter.com/reversemode">@reversemode</a>)</p>
+
<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href=
@@ -408,31 +413,33 @@
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>
-<p><a href="http://roeehay.blogspot.com/">Roee Hay</a>
-<br>(<a href="https://twitter.com/roeehay">@roeehay</a>,
-<a href="mailto:roeehay@gmail.com">roeehay@gmail.com</a>)</p>
-
-<p><a href="http://homes.soic.indiana.edu/luyixing">Luyi Xing</a> of Indiana
-University Bloomington (<a
-href="mailto:xingluyi@gmail.com">xingluyi@gmail.com</a>)</p>
-
<p>Xiaorui Pan of Indiana University Bloomington (<a href="mailto:eagle200467@gmail.com">eagle200467@gmail.com</a>)<p>
<p>XiaoFeng Wang of Indiana University Bloomington (<a href="mailto:xw7@indiana.edu">xw7@indiana.edu</a>)</p>
-<p>Kan Yuan</p>
-
</div>
+
+
<h2 id=2012>2012</h2>
<div style="LINE-HEIGHT:25px;">
+<p>David Weinstein (<a href="https://twitter.com/insitusec">@insitusec</a>)
+of <a href="https://viaforensics.com/">viaForensics</a></p>
+
+<p><a href="http://thejh.net/">Jann Horn</a></p>
+
+<p>Ravishankar Borgaonkari (<a href="https://twitter.com/raviborgaonkar">@raviborgaonkar</a>) of TU Berlin</p>
+
<p>Robert Craig of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href="https://android-review.googlesource.com/#/q/owner:%22Robert+Craig+%253Crpcraig%2540tycho.ncsc.mil%253E%22+status:merged">
<img style="vertical-align:middle" src="../images/tiny-robot.png" alt="Patch Symbol"
title="This person contributed code that improved Android security"></a></p>
+<p><a href="http://roeehay.blogspot.com/">Roee Hay</a> (<a href="https://twitter.com/roeehay">@roeehay</a>,
+<a href="mailto:roeehay@gmail.com">roeehay@gmail.com</a>)</p>
+
<p>Stephen Smalley of <a href="https://www.nsa.gov/research/ia_research/">
Trusted Systems Research Group</a>, US National Security Agency
<a href=
@@ -447,17 +454,6 @@
<img style="vertical-align:middle" src="../images/tiny-robot.png"
alt="Patch Symbol" title="This person contributed code that improved Android security"></a></p>
-<p><a href="http://thejh.net/">Jann Horn</a></p>
-
-<p>Ravishankar Borgaonkar of TU Berlin
-(<a href="https://twitter.com/raviborgaonkar">@raviborgaonkar</a>)</p>
-
-<p><a href="http://roeehay.blogspot.com/">Roee Hay</a>
-<br>(<a href="https://twitter.com/roeehay">@roeehay</a>,
-<a href="mailto:roeehay@gmail.com">roeehay@gmail.com</a>)</p>
-
-<p>David Weinstein of <a href="https://viaforensics.com/">viaForensics</a> (<a href="https://twitter.com/insitusec">@insitusec</a>)</p>
-
</div>
<h2 id=2011>2011</h2>
@@ -472,8 +468,8 @@
<div style="LINE-HEIGHT:25px;">
-<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">@collinrm</a>)</p>
-
<p>Charlie Miller (<a href="https://twitter.com/0xcharlie">@0xcharlie</a>)</p>
+<p>Collin Mulliner of <a href="http://www.mulliner.org/collin/academic">MUlliNER.ORG</a> (<a href="https://twitter.com/collinrm">@collinrm</a>)</p>
+
</div>
